（401）未經授權錯誤：WCF安全/結合

Question

我有一個WCF Web服務，並在同一臺機器上的客戶端兩者。直接使用瀏覽器訪問WCF Web服務，但客戶端無法連接;下面的錯誤消息。有任何想法嗎？ IIS中的集成Windows身份驗證用於客戶端和服務器。

The remote server returned an error: (401) Unauthorized. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized. 

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

Stack Trace: 

[WebException: The remote server returned an error: (401) Unauthorized.] 
    System.Net.HttpWebRequest.GetResponse() +5313085 
    System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +54 

[MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.] 
    System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +7594687 
    System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +275 
    HRPaysService.IService1.GetAlert() +0 
    HRPaysService.Service1Client.GetAlert() +15 
    _Default.Page_Load(Object sender, EventArgs e) +138 
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14 
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 
    System.Web.UI.Control.OnLoad(EventArgs e) +99 
    System.Web.UI.Control.LoadRecursive() +50 
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627 

客戶：

<system.serviceModel> 
    <bindings> 
     <basicHttpBinding> 
      <binding name="basicBinding"> 
       <security mode="TransportCredentialOnly"> 
        <transport clientCredentialType="Windows" 
          proxyCredentialType="Windows" realm="" /> 
        <message clientCredentialType="UserName" 
          algorithmSuite="Default" /> 
       </security> 
      </binding> 
     </basicHttpBinding> 
    </bindings> 
    <client> 
     <endpoint 
      address="http://hrpaysservice/service1.svc" 
      binding="basicHttpBinding" 
      bindingConfiguration="basicBinding" 
      contract="HRPaysService.IService1"> 
     </endpoint> 
    </client> 
    </system.serviceModel> 

服務器：

<system.serviceModel> 
    <bindings> 
     <basicHttpBinding> 
     <binding name="basicBinding"> 
      <security mode="TransportCredentialOnly"> 
       <transport clientCredentialType="Windows" 
          proxyCredentialType="Windows" realm="" /> 
       <message clientCredentialType="UserName" 
         algorithmSuite="Default" /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 
    <client> 
     <endpoint 
      address="http://hrpaysservice/service1.svc" 
      binding="basicHttpBinding" 
      bindingConfiguration="basicBinding" 
      contract="HRPaysService.IService1"> 
     </endpoint> 
</client> 
</system.serviceModel> 

Answer 1

客戶：

<system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
       <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" 
        textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> 
         <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
         <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 
        <security mode="Message"> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" 
         realm="" /> 
         <message clientCredentialType="Windows" negotiateServiceCredential="true" 
         algorithmSuite="Default" establishSecurityContext="true" /> 
        </security> 
       </binding> 
     </wsHttpBinding> 
    </bindings> 
    <client> 
     <endpoint address="http://localhost:3097/Service1.svc" binding="wsHttpBinding" 
      bindingConfiguration="WSHttpBinding_IService1" contract="HRPaysService.IService1" 
      name="WSHttpBinding_IService1"> 
       <identity> 
        <dns value="localhost" /> 
       </identity> 
     </endpoint> 
    </client> 
</system.serviceModel> 

服務器：如果WCF服務的虛擬目錄未配置爲

<system.serviceModel> 
     <bindings> 
     <basicHttpBinding> 
        <binding name="basicBinding"> 
        <security mode="TransportCredentialOnly"> 
          <transport clientCredentialType="Windows"/> 
        </security> 
       </binding> 
      </basicHttpBinding> 
     </bindings> 
    <services> 
      <service behaviorConfiguration="basicBehavior" name="WcfService1.Service1"> 
       <endpoint address="" binding="basicHttpBinding" contract="WcfService1.IService1" bindingConfiguration="basicBinding" /> 
       <endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="basicBinding" /> 
     </service> 
    </services> 
    <behaviors> 
      <serviceBehaviors> 
       <behavior name="basicBehavior"> 
        <serviceMetadata httpGetEnabled="true" /> 
       </behavior> 
      </serviceBehaviors> 
     </behaviors> 
</system.serviceModel> 

Answer 2

你有一個crossdomain.xml的文件在你的服務的Web應用程序設置？如果沒有，創建一個包含以下內容 -

<?xml version="1.0"?> 
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> 
<cross-domain-policy> 
    <allow-http-request-headers-from domain="*" headers="*"/> 
</cross-domain-policy> 

Answer 3

匿名訪問，那麼應該刪除「mex」端點。

您已經發布了2套不同的configs，並似乎有不匹配。你可以發佈導致錯誤的配置嗎？

你的第一個（最上面的）客戶端的配置和最新的服務器配置（不MEX部分）應該工作。

Answer 4

當我嘗試通過向我的Windows窗體應用程序添加「服務參考」來訪問託管在IIS上的WCF服務時，我遇到了同樣的錯誤。但是，當客戶打一個電話的服務的方法，我得到了「未經授權401例外」。這是我的解決這個問題：

（1）I，使用[的wsHttpBinding]開關它是[basicHttpBinding的]如WCF服務配置文件如下：

<system.serviceModel> 
     <bindings> 
      <basicHttpBinding> 
       <binding name="BasicHttpEndpointBinding"> 
        <security mode="TransportCredentialOnly"> 
         <transport clientCredentialType="Windows" /> 
        </security> 
       </binding> 
      </basicHttpBinding> 
     </bindings> 
     <services> 
     <service behaviorConfiguration="ServiceBehavior" name="IService1"> 
      <endpoint address="" binding="basicHttpBinding" 
      bindingConfiguration="BasicHttpEndpointBinding" 
      name="BasicHttpEndpoint" contract="IService1"> 
       <identity> 
        <dns value="localhost" /> 
       </identity> 
      </endpoint> 
      <endpoint address="mex" binding="mexHttpBinding" 
       contract="IMetadataExchange" /> 
     </service> 
    </services> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" 
    multipleSiteBindingsEnabled="true" /> 

（2 ）從您的客戶端應用程序添加一個「服務引用」，並給它一個名稱（我們將在下面的步驟爲「ProxyCalssName」）使用該名稱

（3）調整客戶端應用程序爲app.config文件如下：

<system.serviceModel> 
    <client> 
     <endpoint address="your service URL" 
      binding="basicHttpBinding" bindingConfiguration="basic" contract="ProxyClassName.ServiceName" 
      name="default" /> 
    </client> 
    <bindings> 
     <basicHttpBinding> 
      <binding name="basic"> 
       <security mode="TransportCredentialOnly"> 
        <transport clientCredentialType="Windows" proxyCredentialType="None" 
         realm="" /> 
        <message clientCredentialType="UserName" algorithmSuite="Default" /> 
       </security> 
      </binding> 
     </basicHttpBinding> 
    </bindings> 
</system.serviceModel> 

（4）客戶端應用程序的後臺代碼：

 ProxyClassName.MyServiceName srv = new ProxyClassName.MyServiceName("default"); 
//default is the name of the endpoint in the app.config file as we did. 
    srv.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; 

好運，DigitalFox