如何在需要NTLM身份驗證的服務中公開MEX

Question

我正在開發一個RESTful和SOAP的WCF服務，現在他們都需要使用NTLM身份驗證。

我也想公開MEX端點，以便其他人可以輕鬆地引用服務並使用它。

現在，當我將IIS設置爲需要Windows身份驗證時，我可以使用REST服務併成功調用服務，但是當我想使用SVCUTIL引用服務時，會引發它需要匿名的錯誤。

這裏是我的web.config：

<system.serviceModel> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/> 
<bindings> 
    <basicHttpBinding> 
    <binding name="basicHttpBinding" maxReceivedMessageSize="214748563" maxBufferSize="214748563" maxBufferPoolSize="214748563"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm"> 

     </transport> 
     </security> 
    </binding> 
    </basicHttpBinding> 
    <webHttpBinding> 
    <binding name="webHttpBinding" maxReceivedMessageSize="214748563" maxBufferSize="214748563" maxBufferPoolSize="214748563"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm"> 

     </transport> 
     </security> 
    </binding> 
    </webHttpBinding> 
    <mexHttpBinding> 
    <binding name="mexHttpBinding"></binding> 
    </mexHttpBinding> 
</bindings> 
<standardEndpoints> 
    <webHttpEndpoint> 
    <standardEndpoint name="" automaticFormatSelectionEnabled="true" helpEnabled="True"> 
    </standardEndpoint> 
    </webHttpEndpoint> 
</standardEndpoints> 
<services> 
    <service name="Intel.ResourceScheduler.Service" behaviorConfiguration="Meta"> 
    <clear /> 
    <endpoint address="soap" name="SOAP" binding="basicHttpBinding" contract="Intel.ResourceScheduler.Service.IResourceSchedulerService" listenUriMode="Explicit" /> 
    <endpoint address="" name="rest" binding="webHttpBinding" behaviorConfiguration="REST" contract="Intel.ResourceScheduler.Service.IResourceSchedulerService" /> 
    <endpoint address="mex" name="mex" binding="mexHttpBinding" behaviorConfiguration="" contract="IMetadataExchange" /> 
    </service> 
</services> 
<behaviors> 
    <endpointBehaviors> 
    <behavior name="REST"> 
     <webHttp /> 
    </behavior> 
    <behavior name="WCFBehavior"> 
     <dataContractSerializer maxItemsInObjectGraph="2147483647" /> 
    </behavior> 

    </endpointBehaviors> 
    <serviceBehaviors> 
    <behavior name="Meta"> 
     <serviceMetadata httpGetEnabled="true"/> 
    </behavior> 
    <behavior name="REST"> 
     <dataContractSerializer maxItemsInObjectGraph="2147483647" /> 
    </behavior> 
    <behavior name="WCFBehavior"> 
     <serviceMetadata httpGetEnabled="true"/> 
     <dataContractSerializer maxItemsInObjectGraph="2147483647" /> 
    </behavior> 
    <behavior name=""> 
     <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> 
     <serviceMetadata httpGetEnabled="true" /> 
     <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
     <serviceDebug includeExceptionDetailInFaults="false" /> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 

任何幫助將不勝感激。

Answer 1

嘗試更改mex服務的綁定，它不會與mexHttpBinding一起使用，因爲它禁用了安全性。我沒有在完全相同的情況下對此進行測試，但在我的情況下，由於安全性，我還必須更改它。

在您的例子我會嘗試改變它像這樣：

<endpoint address="mex" contract="IMetadataExchange" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding"/> 

爲了使MEX綁定配置更加獨立的SOAP服務的綁定配置也可以定義並使用單獨的bindingConfiguration像

<binding name="secureMexHttpBinding" > 
    <security mode="TransportCredentialOnly"> 
    <transport clientCredentialType="Ntlm"> 
    </transport> 
    </security> 
</binding> 

然後更改mex端點

endpoint address="mex" contract="IMetadataExchange" binding="basicHttpBinding" bindingConfiguration="secureMexHttpBinding"/>