2013-06-06 32 views
0

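WCF Windows authentication does not work after deployment

I have a WCF service with Windows authentication. After it was deployed to another server, I received the following exception: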

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized

The client configuration has not changed and looks like this:

<ws2007HttpBinding>
  <binding name="autoSecureBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""></transport>
      <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="false"/>
    </security>
  </binding>
</ws2007HttpBinding>

Edit: when I open my service in a browser, I receive the following error:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

Does anyone know what the problem might be?

Answers

0

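Is the other server in the same Active Directory domain?

Also, you will want to go to the target IIS and check that "Windows Authentication" is set to "Enabled" in the site/application authentication settings. (See the IIS7 screens below)

[Image: Authentication settings icon]

[Image: Enable window authentication]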

+0

Windows authentication is enabled and anonymous is disabled. The new server is in the same AD domain.

+0

Hmm, apparently the error message states that anonymous should be enabled... not sure whether enabling it is a good idea.

0

This is a working web.config for a Windows-auth-only WCF service that I use (only Windows Authentication is enabled in IIS).

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <bindings>
      <basicHttpBinding>
        <binding name="MyBindingForWindowsAuth">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
            <!--<transport clientCredentialType="Windows" />-->
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="DataAccessService.Service">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="DataAccessService.IService" />
        <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

With this setup in place, if you want to pass the ASP.NET user identity to WCF you have 3 options:

Option 1:

client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("phil.morris", "P4ssW0rd", "mydomain"); 

Option 2:

Use impersonation:

using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate()) 
{ 
    string s = client.GetUserInfo(); 
    retVal = "Wcf User: " + s; 
} 

Option 3:
Enable ASP.NET impersonation in the calling ASP.NET application.
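
Added example, not part of the original question or answers: a Python check that reads a web.config and reports which IIS authentication each WCF binding's security mode expects, then compares that with what is enabled in IIS. The sample config is constructed from the two bindings shown on this page; the function names and the mapping table are assumptions of this example, based on the rule that modes carrying credentials in the SOAP message leave the HTTP request itself anonymous (the situation the browser error in the question describes).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two bindings shown on this page merged into one config.
SAMPLE = """<configuration><system.serviceModel>
 <bindings>
  <ws2007HttpBinding><binding name="autoSecureBinding">
   <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="Windows" />
    <message clientCredentialType="Windows" />
   </security></binding></ws2007HttpBinding>
  <basicHttpBinding><binding name="MyBindingForWindowsAuth">
   <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Ntlm" />
   </security></binding></basicHttpBinding>
 </bindings>
</system.serviceModel></configuration>"""

# Transport credential type -> IIS authentication feature it relies on.
TRANSPORT_TO_IIS = {"None": "Anonymous", "Windows": "Windows", "Ntlm": "Windows",
                    "Basic": "Basic", "Digest": "Digest"}
# Modes where the HTTP request itself carries no credentials.
HTTP_ANONYMOUS_MODES = {"None", "Message", "TransportWithMessageCredential"}

def required_iis_auth(config_xml):
    """Return {binding name: IIS authentication the binding's security mode expects}."""
    needed = {}
    for bindings in ET.fromstring(config_xml).iter("bindings"):
        for kind in bindings:                      # e.g. <basicHttpBinding>
            for b in kind.findall("binding"):
                sec = b.find("security")
                mode = sec.get("mode") if sec is not None else None
                transport = sec.find("transport") if sec is not None else None
                if mode in HTTP_ANONYMOUS_MODES:
                    needed[b.get("name")] = "Anonymous"
                elif mode in ("Transport", "TransportCredentialOnly") and transport is not None:
                    cred = transport.get("clientCredentialType")
                    needed[b.get("name")] = TRANSPORT_TO_IIS.get(cred, "check manually")
                else:                              # defaults differ per binding type
                    needed[b.get("name")] = "check manually"
    return needed

def mismatches(config_xml, iis_enabled):
    """Bindings whose expected IIS authentication is not in the enabled set."""
    return {n: a for n, a in required_iis_auth(config_xml).items() if a not in iis_enabled}

if __name__ == "__main__":
    # IIS with only Windows Authentication enabled, as in the comment above.
    print(mismatches(SAMPLE, {"Windows"}))
```

With only Windows Authentication enabled, the question's `autoSecureBinding` is reported as expecting Anonymous, while the answer's `MyBindingForWindowsAuth` matches the IIS setting.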