
SharePoint 2013 WCF服務:HTTP請求未經授權

我的WCF服務通過https託管在IIS7上,當我從Windows 8應用調用該服務時,返回以下錯誤:

「HTTP請求未經授權,客戶端身份驗證方案爲'Anonymous'。從服務器收到的驗證頭是'NTLM'。」

這項服務的web.config

<configuration> 
<system.serviceModel> 
<!-- Declares four services. Every endpoint uses basicHttpBinding with a named
     bindingConfiguration and the same contract, MOL.Service.ISAPI.MOL.IServiceHosted. -->
<!-- NOTE(review): the service name attributes are Microsoft.SharePoint.SoapServer.* types while
     the contract is a custom MOL type. WCF applies a <service> element only when its name equals
     the full type name of the implementing class; confirm these names match the deployed class.
     If they do not, none of the endpoints or security settings below take effect. -->
<services> 
    <!-- HTTP endpoints, one address per client credential type (Windows, Basic, Digest, NTLM). -->
    <service behaviorConfiguration="CellStorageServiceBehavior" name="Microsoft.SharePoint.SoapServer.CellStorages"> 
    <endpoint address="CellStorageService" binding="basicHttpBinding" 
     bindingConfiguration="StreamBinding" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- The same four addresses bound to the HTTPS variants of the bindings (security mode Transport). -->
    <service behaviorConfiguration="CellStorageServiceHttpsBehavior" name="Microsoft.SharePoint.SoapServer.CellStoragesHttps"> 
    <endpoint address="CellStorageService" binding="basicHttpBinding" 
       bindingConfiguration="StreamBindingHttps" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" 
      bindingConfiguration="StreamBindingHttpsBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" 
      bindingConfiguration="StreamBindingHttpsDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" 
       bindingConfiguration="StreamBindingHttpsNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- Single endpoint at the service base address over TextStreamBindingNoSecurity, a binding
         that declares no <security> element. NOTE(review): this exposes the same contract as the
         authenticated endpoints above without binding level authentication; confirm that is intended. -->
    <service behaviorConfiguration="ClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebService"> 
    <endpoint address="" 
       binding="basicHttpBinding" 
       bindingConfiguration="TextStreamBindingNoSecurity" 
       bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" 
       behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" 
       contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- HTTPS counterpart: TLS is required by the binding, but its clientCredentialType is None,
         so the binding itself does not authenticate the caller. -->
    <service behaviorConfiguration="HttpsClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebServiceHttps"> 
    <endpoint address="" 
       binding="basicHttpBinding" 
       bindingConfiguration="TextStreamBindingHttpsNoSecurity" 
       bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" 
       behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" 
       contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
</services> 
<!-- Default endpoint mapping per URI scheme, used for services that have no explicit endpoints. -->
<!-- NOTE(review): both entries select webHttpBinding, but StreamBindingHttps and StreamBinding are
     declared under <basicHttpBinding> in this file and the only webHttpBinding configuration is
     webHttpBindingWithJsonP. Confirm which binding type is intended; a default endpoint built
     from this mapping would presumably not get the Windows credential settings of those names. -->
<protocolMapping> 
    <add scheme="https" binding="webHttpBinding" bindingConfiguration="StreamBindingHttps" /> 
    <add scheme="http" binding="webHttpBinding" bindingConfiguration="StreamBinding" /> 
</protocolMapping> 
<!-- Binding definitions. The StreamBinding* and TextStreamBinding* entries share the same
     timeouts, cookies enabled, a 4194304 byte (4 MiB) buffer and message size limit, and
     streamed responses; they differ in encoding, security mode and client credential type. -->
<bindings> 
    <webHttpBinding> 
    <!-- crossDomainScriptAccessEnabled="true" turns on JSONP for this configuration. No endpoint
         or protocolMapping entry in the posted section refers to it by name.
         NOTE(review): JSONP lets pages from other origins read responses; keep it off unless a
         caller needs it and the data returned is not user specific. -->
    <binding name="webHttpBindingWithJsonP" 
      crossDomainScriptAccessEnabled="true" /> 
    </webHttpBinding> 
    <basicHttpBinding> 
    <!-- HTTP bindings (no TLS). TransportCredentialOnly authenticates the client at the HTTP
         layer but provides no transport encryption or integrity; use only on a trusted network. -->
    <binding name="StreamBinding" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Windows"/> 
     </security> 
    </binding> 
    <!-- Basic with TransportCredentialOnly: user name and password travel base64 encoded over
         plain HTTP, which is not encryption. Prefer StreamBindingHttpsBasic. -->
    <binding name="StreamBindingBasic" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Basic"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingDigest" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Digest"/> 
     </security> 
    </binding> 
    <!-- NOTE(review): basicHttpBinding reads the <message> element only in Message or
         TransportWithMessageCredential mode; with TransportCredentialOnly it looks unused here.
         Confirm, and remove it if so to avoid suggesting a message level check exists. -->
    <binding name="StreamBindingNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm"/> 
     <message clientCredentialType="UserName" algorithmSuite="Default" /> 
     </security> 
    </binding> 
    <!-- No <security> element: the basicHttpBinding default security mode (None) applies, so
         this binding carries neither authentication nor encryption. -->
    <binding name="TextStreamBindingNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" 
     transferMode="StreamedResponse"> 
    </binding> 
    <!-- HTTPS bindings. mode="Transport" requires TLS; clientCredentialType selects the HTTP
         authentication scheme the client has to present. A client binding that sends no HTTP
         credentials is challenged by the server, which presumably is the 'Anonymous' versus
         'NTLM' mismatch reported with this configuration. -->
    <binding name="StreamBindingHttps" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Windows"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingHttpsBasic" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Basic"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingHttpsDigest" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Digest"/> 
     </security> 
    </binding> 
    <!-- NOTE(review): as with StreamBindingNtlm, the <message> element looks unused in
         Transport mode; NTLM at the HTTP layer is the only credential this binding asks for. -->
    <binding name="StreamBindingHttpsNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Ntlm"/> 
     <message clientCredentialType="UserName" algorithmSuite="Default" /> 
     </security> 
    </binding> 
    <!-- TLS without client authentication: clientCredentialType="None" accepts any caller that
         can reach the endpoint. -->
    <binding name="TextStreamBindingHttpsNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="None"/> 
     </security> 
    </binding> 
    <!-- Two configurations named after the metadata exchange bindings but declared as
         basicHttpBinding entries; no endpoint in the posted section references them. -->
    <binding name="mexHttpBinding"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Windows" proxyCredentialType="Windows"/> 
     </security> 
    </binding> 
    <binding name="mexNtlmHttpBinding"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"/> 
     </security> 
    </binding> 
    </basicHttpBinding> 
</bindings> 
<!--For debugging purposes set the includeExceptionDetailInFaults attribute to true--> 
<!-- Service and endpoint behaviors referenced by name from the <services> section. -->
<behaviors> 
    <serviceBehaviors> 
    <!-- httpGetEnabled publishes the service metadata (WSDL) to anyone who can issue an HTTP GET.
         includeExceptionDetailInFaults="true" returns server exception details to callers in
         SOAP faults; set it back to false once debugging is finished. -->
    <behavior name="CellStorageServiceBehavior"> 
     <serviceMetadata httpGetEnabled="true" /> 

     <serviceDebug includeExceptionDetailInFaults="true" /> 

    </behavior> 
    <!-- HTTPS variant: metadata is served over HTTPS GET, and exception details are likewise
         returned to callers while the flag stays true. -->
    <behavior name="CellStorageServiceHttpsBehavior"> 
     <serviceMetadata httpsGetEnabled="true" /> 

     <serviceDebug includeExceptionDetailInFaults="true" /> 
    </behavior> 
    <!-- Claim provider behaviors keep exception details out of faults. Metadata is still
         published; NOTE(review): disable it where clients do not need to download the WSDL. -->
    <behavior name="ClaimProviderWebServiceBehavior" > 
     <serviceMetadata httpGetEnabled="true" /> 
     <serviceDebug includeExceptionDetailInFaults="false" /> 
    </behavior> 
    <behavior name="HttpsClaimProviderWebServiceBehavior" > 
     <serviceMetadata httpsGetEnabled="true" /> 
     <serviceDebug includeExceptionDetailInFaults="false" /> 
    </behavior> 
    </serviceBehaviors> 
    <endpointBehaviors> 
    <!-- maxItemsInObjectGraph is set to 2147483647 (the Int32 maximum), which in effect removes
         the serializer's object count limit. This behavior is attached to the two claim provider
         endpoints, whose bindings do not authenticate callers.
         NOTE(review): choose a bound sized for real payloads so a single request cannot force
         an unbounded object graph to be deserialized. -->
    <behavior name="HttpBinding.LargeDataEndpointBehavior"> 
     <dataContractSerializer maxItemsInObjectGraph="2147483647" /> 
    </behavior> 
    </endpointBehaviors> 
</behaviors> 

搜索了幾周之後,我在Windows 8應用中這樣調用該服務:

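/// <summary>
/// Builds a custom HTTPS binding that requests NTLM at the HTTP layer, creates the
/// generated ServiceHostedClient for <c>addressHttps</c> and calls GetUserAsync once.
/// </summary>
/// <remarks>
/// Failures are written to the debug output instead of being discarded, so an
/// authentication error from the service is visible while diagnosing the binding.
/// The method stays <c>async void</c>, so callers cannot await it or observe its outcome.
/// </remarks>
private async void ConfigureHttpsProxy() 
    { 
     try 
     { 
      // Requires a user name token inside the SOAP message, on top of a secure transport.
      // NOTE(review): the posted server bindings are basicHttpBinding in Transport mode, which
      // authenticate at the HTTP layer only; confirm the service expects a message level token.
      SecurityBindingElement securityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); 
      HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement(); 
      httpsTransport.AuthenticationScheme = System.Net.AuthenticationSchemes.Ntlm; 

      // NOTE(review): no message encoding element is supplied; confirm the resulting encoding
      // matches the server binding (the posted config uses Mtom).
      CustomBinding binding = new CustomBinding(securityElement, httpsTransport); 
      binding.Name = "StreamBindingHttps"; 

      EndpointAddress remoteAddress = new EndpointAddress(addressHttps); 

      var client = new ServiceHosted.ServiceHostedClient(binding, remoteAddress); 
      // Only the user name of the message credential is set; no password is assigned.
      client.ClientCredentials.UserName.UserName = "UserName"; 

      // Sends the current logon session's credentials for the NTLM handshake.
      // NOTE(review): presumably a Windows 8 app needs the enterprise authentication
      // capability for these to be non-empty; confirm in the app manifest.
      client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials; 

      // NOTE(review): literal values are passed as operation arguments; if they are a real
      // account name and password, move them out of source code.
      var result = await client.GetUserAsync("ahmed", "123456"); 

      var x = result.DepartmentName; 
     } 
     catch (System.Exception ex) 
     { 
      // The original empty catch hid every failure, including the 401 being investigated.
      // Still best effort (nothing is rethrown), but the error is now recorded.
      System.Diagnostics.Debug.WriteLine(ex); 
     } 
    } 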

回答


服務是如下:

NTLM解決方案步驟: 1-從中心管理: 中心管理: NT AUTHORITY \本地 - >完全控制 當前用戶 - >完全控制

驗證提供程序: 基於聲明的身份驗證(Claims Based Authentication) -> 默認;啓用匿名訪問;啓用Windows身份驗證 -> Kerberos

2-從Web配置: 將以下節點添加到服務的serviceBehaviors行爲節點。

3-從客戶端: _serviceClient.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("用戶名", "口令"); _serviceClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation; 注意:Delegation 級別允許服務以調用者的身份訪問其他服務器,只應對受信任的服務使用;用戶名和口令也不應以字面量寫在代碼中。

4-從服務端: 在網站上啓用模擬。可以爲整個站點啓用ASP.NET模擬,或使用 WindowsIdentity.Impersonate(token) 臨時模擬用戶。將以下屬性添加到WCF服務中需要模擬的每個方法: [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]

更多細節回鏈接: http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx

http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx
