SharePoint 2013 WCF 服务:HTTP 请求未经授权

我通过 HTTPS 使用托管在 IIS 7 上的 WCF 服务,当我在 Windows 8 应用程序中调用该服务时,它返回以下错误:

“HTTP 请求未经授权,客户端身份验证方案为‘Anonymous’(匿名),从服务器收到的身份验证标头为‘NTLM’。”

该服务的 web.config 如下:

<!-- WCF service model section of the service's web.config, as posted.
     It declares four services whose endpoints all expose the contract
     MOL.Service.ISAPI.MOL.IServiceHosted over basicHttpBinding, with one named
     binding configuration per authentication scheme for HTTP and for HTTPS. -->
<configuration>
  <system.serviceModel>
    <services>
      <!-- HTTP variant: every endpoint below points at a binding configuration
           whose security mode is TransportCredentialOnly. -->
      <service behaviorConfiguration="CellStorageServiceBehavior" name="Microsoft.SharePoint.SoapServer.CellStorages">
        <endpoint address="CellStorageService" binding="basicHttpBinding" bindingConfiguration="StreamBinding" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" bindingConfiguration="StreamBindingBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" bindingConfiguration="StreamBindingDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" bindingConfiguration="StreamBindingNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
      </service>
      <!-- HTTPS variant: same four relative addresses, each bound to a
           configuration with security mode Transport. The relative address
           selects the client credential type (Windows, Basic, Digest, Ntlm),
           so a client has to call the address whose scheme it actually sends. -->
      <service behaviorConfiguration="CellStorageServiceHttpsBehavior" name="Microsoft.SharePoint.SoapServer.CellStoragesHttps">
        <endpoint address="CellStorageService" binding="basicHttpBinding" bindingConfiguration="StreamBindingHttps" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" bindingConfiguration="StreamBindingHttpsBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" bindingConfiguration="StreamBindingHttpsDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
        <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" bindingConfiguration="StreamBindingHttpsNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
      </service>
      <!-- NOTE(review): this endpoint uses TextStreamBindingNoSecurity, which has no
           security element, so WCF itself asks for no client credential here.
           Any authentication would have to come from the host (IIS); confirm
           that this is intended for the claims endpoint. -->
      <service behaviorConfiguration="ClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="TextStreamBindingNoSecurity" bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
      </service>
      <!-- HTTPS counterpart of the claims endpoint: transport encryption with
           clientCredentialType="None", i.e. no client authentication at the
           WCF layer. -->
      <service behaviorConfiguration="HttpsClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebServiceHttps">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="TextStreamBindingHttpsNoSecurity" bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" contract="MOL.Service.ISAPI.MOL.IServiceHosted" />
      </service>
    </services>
    <!-- NOTE(review): both mappings name webHttpBinding, but the configurations
         they reference (StreamBindingHttps, StreamBinding) are declared under
         basicHttpBinding in this snippet; the only webHttpBinding configuration
         shown is webHttpBindingWithJsonP. Verify which binding was intended. -->
    <protocolMapping>
      <add scheme="https" binding="webHttpBinding" bindingConfiguration="StreamBindingHttps" />
      <add scheme="http" binding="webHttpBinding" bindingConfiguration="StreamBinding" />
    </protocolMapping>
    <bindings>
      <webHttpBinding>
        <!-- crossDomainScriptAccessEnabled turns on JSONP, which lets pages from
             other origins read responses through a script tag. No endpoint in
             this snippet references this configuration. -->
        <binding name="webHttpBindingWithJsonP" crossDomainScriptAccessEnabled="true" />
      </webHttpBinding>
      <basicHttpBinding>
        <!-- HTTP bindings: TransportCredentialOnly authenticates the caller at
             the HTTP layer but provides no transport encryption. Each binding
             caps messages at 4194304 bytes (4 MiB) and streams only the
             response (transferMode="StreamedResponse"). -->
        <binding name="StreamBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
        <!-- Basic over plain HTTP sends the user name and password merely
             base64-encoded; prefer the HTTPS counterpart (StreamBindingHttpsBasic). -->
        <binding name="StreamBindingBasic" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
        <binding name="StreamBindingDigest" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Digest"/>
          </security>
        </binding>
        <!-- NOTE(review): the message element below sits under a transport-only
             security mode; presumably it has no effect there. Confirm before
             relying on a UserName message credential. -->
        <binding name="StreamBindingNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm"/>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
        <!-- No security element: text encoding over HTTP with the binding's
             default security settings. -->
        <binding name="TextStreamBindingNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" transferMode="StreamedResponse">
        </binding>
        <!-- HTTPS bindings: security mode Transport, one configuration per
             client credential type. -->
        <binding name="StreamBindingHttps" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="Transport">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
        <binding name="StreamBindingHttpsBasic" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
        <binding name="StreamBindingHttpsDigest" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="Transport">
            <transport clientCredentialType="Digest"/>
          </security>
        </binding>
        <!-- NOTE(review): as with StreamBindingNtlm, the message element sits
             under a transport-only mode; presumably unused. -->
        <binding name="StreamBindingHttpsNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" transferMode="StreamedResponse">
          <security mode="Transport">
            <transport clientCredentialType="Ntlm"/>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
        <!-- HTTPS without client authentication (clientCredentialType="None"). -->
        <binding name="TextStreamBindingHttpsNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" transferMode="StreamedResponse">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
        <!-- The two mex* configurations are not referenced by any endpoint in
             this snippet. -->
        <binding name="mexHttpBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
          </security>
        </binding>
        <binding name="mexNtlmHttpBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <!-- includeExceptionDetailInFaults="true" is for debugging only: it returns
         server-side exception details to the caller inside SOAP faults. Both
         CellStorage behaviors below have it enabled; set it to "false" outside
         a debugging session. serviceMetadata http(s)GetEnabled publishes the
         service description (WSDL) over HTTP GET on every behavior. -->
    <behaviors>
      <serviceBehaviors>
        <behavior name="CellStorageServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
        <behavior name="CellStorageServiceHttpsBehavior">
          <serviceMetadata httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
        <behavior name="ClaimProviderWebServiceBehavior" >
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
        <behavior name="HttpsClaimProviderWebServiceBehavior" >
          <serviceMetadata httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <!-- maxItemsInObjectGraph is set to the largest 32-bit integer, which
             effectively removes the serializer's object-count limit; the
             4 MiB maxReceivedMessageSize on the bindings is the remaining
             bound on request size. This behavior is applied to the two claims
             endpoints, which require no client credential. -->
        <behavior name="HttpBinding.LargeDataEndpointBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
<!-- NOTE(review): the snippet ends here as posted; the closing tags for
     system.serviceModel and configuration are not shown. -->

我通过以下方式从 Windows 8 应用程序调用该服务:

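 /// <summary>
 /// Builds a custom HTTPS binding (user-name token over transport, NTLM as the
 /// HTTP authentication scheme), creates a ServiceHostedClient for
 /// <c>addressHttps</c> and calls <c>GetUserAsync</c> once.
 /// </summary>
 /// <remarks>
 /// Failures are written to the debug output instead of being discarded, so an
 /// authentication error from the server stays visible while troubleshooting.
 /// NOTE(review): the method is <c>async void</c>, so callers cannot await it or
 /// observe its exceptions; the signature is kept unchanged for existing callers.
 /// </remarks>
 private async void ConfigureHttpsProxy()
 {
     try
     {
         // Message-level user-name token layered on top of the HTTPS transport.
         SecurityBindingElement securityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

         // HTTP-level authentication scheme requested from the transport.
         HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
         httpsTransport.AuthenticationScheme = System.Net.AuthenticationSchemes.Ntlm;

         // NOTE(review): Name is only a label on the client binding; confirm that the
         // binding elements themselves match what the called endpoint expects.
         CustomBinding binding = new CustomBinding(securityElement, httpsTransport);
         binding.Name = "StreamBindingHttps";

         EndpointAddress remoteAddress = new EndpointAddress(addressHttps);
         var client = new ServiceHosted.ServiceHostedClient(binding, remoteAddress);

         // Only the user name is set for the user-name credential (no password);
         // the Windows credential is the logged-on user's default network credential.
         client.ClientCredentials.UserName.UserName = "UserName";
         client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;

         // NOTE(review): these literals look like an account name and password.
         // If they are, do not keep them in source; read them from a protected
         // store (for example Windows.Security.Credentials.PasswordVault).
         var result = await client.GetUserAsync("ahmed", "123456");
         var x = result.DepartmentName;
     }
     catch (System.Exception ex)
     {
         // Previously an empty catch: every failure, including the server's
         // "unauthorized" response, was swallowed. Still best-effort (no rethrow,
         // because an exception escaping async void would end the app), but the
         // error is now recorded.
         System.Diagnostics.Debug.WriteLine(ex.ToString());
     }
 }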

经过数周的搜索,结果如下:

NTLM 解决方案步骤:1- 在管理中心(Central Administration)中:NT Authority\local –> 完全控制;当前用户 –> 完全控制

身份验证提供程序:基于声明的身份验证 –> 默认;启用匿名访问;启用 Windows 身份验证 –> Kerberos

2- 在 web.config 中:将以下节点添加到服务的 serviceBehaviors 行为节点。(原文在此处给出的配置节点未保留在本页中。)

3- 在客户端:_serviceClient.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("username", "password"); _serviceClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;(Delegation 级别允许服务把调用方的身份继续传递到下一跃点;这依赖 Kerberos,NTLM 无法跨第二跃点委派,因此第 1 步选择了 Kerberos。)

4-从服务端:在网站上启用模拟。 为整个站点启用ASP.NET模拟,或使用WindowsIdentity.Impersonate(token)临时模拟Web站点内的用户。 将以下属性添加到需要模拟的WCF服务中的每个方法。 [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]

有关更多详细信息,请参阅以下链接: http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx

http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx