2014-11-03 134 views

SharePoint 2013 WCF 服务:HTTP 请求未经授权。我的 WCF 服务托管在 IIS7 上并通过 HTTPS 访问,在 Windows 8 应用中调用该服务时返回如下错误:

“HTTP 请求未经授权,客户端身份验证方案为‘Anonymous’。从服务器收到的身份验证标头为‘NTLM’。”

这项服务的web.config

<configuration> 
<system.serviceModel> 
<!-- Service endpoint declarations. WCF applies a <service> element to a hosted service
     when its name attribute equals the fully qualified type name of the implementation.
     NOTE(review): the names below are Microsoft.SharePoint.SoapServer.* while every
     contract is MOL.Service.ISAPI.MOL.IServiceHosted; confirm the names match the type
     that is really hosted, otherwise these endpoints and bindings are not the ones in
     effect and the authentication scheme the client meets comes from somewhere else. -->
<services> 
    <!-- Plain HTTP service: one endpoint per client credential type (Windows, Basic,
         Digest, NTLM). The bindingConfiguration names refer to <binding> elements under
         <basicHttpBinding> that use security mode TransportCredentialOnly, so credentials
         and payload travel without transport encryption. -->
    <service behaviorConfiguration="CellStorageServiceBehavior" name="Microsoft.SharePoint.SoapServer.CellStorages"> 
    <endpoint address="CellStorageService" binding="basicHttpBinding" 
     bindingConfiguration="StreamBinding" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" 
     bindingConfiguration="StreamBindingNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- HTTPS counterpart of the service above: same four addresses, each bound to a
         configuration with security mode Transport. A client must use the address whose
         credential type it actually sends (for NTLM: CellStorageServiceNtlm). -->
    <service behaviorConfiguration="CellStorageServiceHttpsBehavior" name="Microsoft.SharePoint.SoapServer.CellStoragesHttps"> 
    <endpoint address="CellStorageService" binding="basicHttpBinding" 
       bindingConfiguration="StreamBindingHttps" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceBasic" binding="basicHttpBinding" 
      bindingConfiguration="StreamBindingHttpsBasic" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceDigest" binding="basicHttpBinding" 
      bindingConfiguration="StreamBindingHttpsDigest" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 

    <endpoint address="CellStorageServiceNtlm" binding="basicHttpBinding" 
       bindingConfiguration="StreamBindingHttpsNtlm" contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- Claim provider service over HTTP. TextStreamBindingNoSecurity declares no
         <security> element, so basicHttpBinding falls back to its default mode (None):
         WCF itself asks for no client credential and adds no transport protection here.
         NOTE(review): the same IServiceHosted contract is exposed on this endpoint;
         confirm that IIS or SharePoint authenticates callers before they reach it. -->
    <service behaviorConfiguration="ClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebService"> 
    <endpoint address="" 
       binding="basicHttpBinding" 
       bindingConfiguration="TextStreamBindingNoSecurity" 
       bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" 
       behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" 
       contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
    <!-- Claim provider service over HTTPS. The referenced binding uses mode Transport
         with clientCredentialType None: the channel is encrypted but the WCF layer
         accepts anonymous callers. -->
    <service behaviorConfiguration="HttpsClaimProviderWebServiceBehavior" name="Microsoft.SharePoint.SoapServer.SPClaimProviderWebServiceHttps"> 
    <endpoint address="" 
       binding="basicHttpBinding" 
       bindingConfiguration="TextStreamBindingHttpsNoSecurity" 
       bindingNamespace="http://schemas.microsoft.com/sharepoint/claims/" 
       behaviorConfiguration="HttpBinding.LargeDataEndpointBehavior" 
       contract="MOL.Service.ISAPI.MOL.IServiceHosted" /> 
    </service> 
</services> 
<!-- Default endpoint mapping per URI scheme, used for services that get no explicit
     endpoints from a matching <service> element.
     NOTE(review): both entries select webHttpBinding but name StreamBindingHttps and
     StreamBinding, which in the part of the file shown are declared under
     <basicHttpBinding>; the <webHttpBinding> section only declares
     webHttpBindingWithJsonP. Confirm the intended binding type, because a default
     endpoint built from this mapping would not pick up the credential settings of
     those basicHttpBinding configurations. -->
<protocolMapping> 
    <add scheme="https" binding="webHttpBinding" bindingConfiguration="StreamBindingHttps" /> 
    <add scheme="http" binding="webHttpBinding" bindingConfiguration="StreamBinding" /> 
</protocolMapping> 
<!-- Binding configurations referenced by name from the endpoints. Every
     basicHttpBinding entry that sets sizes caps messages at 4194304 bytes (4 MiB). -->
<bindings> 
    <webHttpBinding> 
    <!-- crossDomainScriptAccessEnabled turns on JSONP callbacks, which makes responses
         readable by script on other origins. No endpoint shown on this page references
         this configuration; keep it away from any endpoint that returns per-user data. -->
    <binding name="webHttpBindingWithJsonP" 
      crossDomainScriptAccessEnabled="true" /> 
    </webHttpBinding> 
    <basicHttpBinding> 
    <!-- HTTP group (StreamBinding*): mode TransportCredentialOnly authenticates the
         client at the HTTP layer but gives no confidentiality or integrity for the
         message. Only acceptable on a network segment that is protected by other means. -->
    <binding name="StreamBinding" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Windows"/> 
     </security> 
    </binding> 
    <!-- Basic over unencrypted HTTP: the user name and password are sent base64-encoded
         on every request and can be read by anyone on the path. Prefer the HTTPS variant. -->
    <binding name="StreamBindingBasic" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Basic"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingDigest" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Digest"/> 
     </security> 
    </binding> 
    <!-- NOTE(review): the <message> element is read for the Message and
         TransportWithMessageCredential modes; with TransportCredentialOnly it is
         presumably ignored, so no UserName token is expected at the message layer.
         Confirm before building a client that sends one. -->
    <binding name="StreamBindingNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm"/> 
     <message clientCredentialType="UserName" algorithmSuite="Default" /> 
     </security> 
    </binding> 
    <!-- No <security> element: basicHttpBinding defaults to mode None, so this binding
         carries neither client authentication nor transport protection. -->
    <binding name="TextStreamBindingNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" 
     transferMode="StreamedResponse"> 
    </binding> 
    <!-- HTTPS group (StreamBindingHttps*): mode Transport, TLS protects the channel and
         the client credential type below is negotiated at the HTTP layer. The client
         binding has to use the same mode and credential type as the endpoint it calls. -->
    <binding name="StreamBindingHttps" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Windows"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingHttpsBasic" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Basic"/> 
     </security> 
    </binding> 
    <binding name="StreamBindingHttpsDigest" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Digest"/> 
     </security> 
    </binding> 
    <!-- NOTE(review): as with StreamBindingNtlm, the <message> element is presumably
         unused in mode Transport; authentication here is NTLM at the HTTP layer only. -->
    <binding name="StreamBindingHttpsNtlm" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Mtom" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Ntlm"/> 
     <message clientCredentialType="UserName" algorithmSuite="Default" /> 
     </security> 
    </binding> 
    <!-- Encrypted channel, anonymous caller: clientCredentialType None means WCF does
         not authenticate the client on endpoints that use this configuration. -->
    <binding name="TextStreamBindingHttpsNoSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="true" 
     maxBufferSize="4194304" maxReceivedMessageSize="4194304" messageEncoding="Text" 
     transferMode="StreamedResponse"> 
     <security mode="Transport"> 
     <transport clientCredentialType="None"/> 
     </security> 
    </binding> 
    <!-- The two mex* configurations below are not referenced by any endpoint in the
         part of the file shown. Both authenticate over HTTP without encryption. -->
    <binding name="mexHttpBinding"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Windows" proxyCredentialType="Windows"/> 
     </security> 
    </binding> 
    <binding name="mexNtlmHttpBinding"> 
     <security mode="TransportCredentialOnly"> 
     <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"/> 
     </security> 
    </binding> 
    </basicHttpBinding> 
</bindings> 
<!-- For debugging purposes set the includeExceptionDetailInFaults attribute to true.
     When true, SOAP faults carry the server-side exception detail (type, message, stack
     trace) to any caller, so set it back to false on every deployed service. -->
<behaviors> 
    <serviceBehaviors> 
    <!-- httpGetEnabled / httpsGetEnabled publish the service metadata (WSDL) over a GET
         request. NOTE(review): whether that page is reachable without authentication
         depends on the IIS settings, which are not shown here. -->
    <behavior name="CellStorageServiceBehavior"> 
     <serviceMetadata httpGetEnabled="true" /> 

     <!-- Debug setting left on: exception detail is returned to clients of the HTTP service. -->
     <serviceDebug includeExceptionDetailInFaults="true" /> 

    </behavior> 
    <behavior name="CellStorageServiceHttpsBehavior"> 
     <serviceMetadata httpsGetEnabled="true" /> 

     <!-- Debug setting left on: exception detail is returned to clients of the HTTPS service. -->
     <serviceDebug includeExceptionDetailInFaults="true" /> 
    </behavior> 
    <behavior name="ClaimProviderWebServiceBehavior" > 
     <serviceMetadata httpGetEnabled="true" /> 
     <serviceDebug includeExceptionDetailInFaults="false" /> 
    </behavior> 
    <behavior name="HttpsClaimProviderWebServiceBehavior" > 
     <serviceMetadata httpsGetEnabled="true" /> 
     <serviceDebug includeExceptionDetailInFaults="false" /> 
    </behavior> 
    </serviceBehaviors> 
    <endpointBehaviors> 
    <!-- 2147483647 is Int32.MaxValue, which in practice removes the serializer's limit
         on objects per message. This behavior is attached to the two claim provider
         endpoints, which accept unauthenticated callers at the WCF layer; the remaining
         bound is the 4194304-byte message size set on their bindings. A smaller,
         workload-based value reduces the cost of a hostile request. -->
    <behavior name="HttpBinding.LargeDataEndpointBehavior"> 
     <dataContractSerializer maxItemsInObjectGraph="2147483647" /> 
    </behavior> 
    </endpointBehaviors> 
</behaviors> 

经过数周的搜索之后,下面是我在 Windows 8 应用中调用该服务的代码:

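/// <summary>
/// Builds a custom HTTPS binding (a UserName-over-transport security element on top of
/// an HTTPS transport set to NTLM), creates the generated ServiceHostedClient proxy for
/// <c>addressHttps</c> and calls <c>GetUserAsync</c> once.
/// </summary>
/// <remarks>
/// The method is <c>async void</c>, so an exception cannot reach a caller. Failures are
/// written to the debug output instead of being dropped by an empty catch block, which
/// would hide the very authentication fault this code is meant to diagnose.
/// </remarks>
private async void ConfigureHttpsProxy()
{
    try
    {
        // NOTE(review): this adds a message-layer UserName token. The service bindings
        // shown with this code use transport-level credentials only, so the endpoint
        // presumably does not expect such a token. Confirm against the server config.
        SecurityBindingElement securityElement =
            SecurityBindingElement.CreateUserNameOverTransportBindingElement();

        // HTTP-layer authentication scheme requested by the client: NTLM.
        HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
        httpsTransport.AuthenticationScheme = System.Net.AuthenticationSchemes.Ntlm;

        CustomBinding binding = new CustomBinding(securityElement, httpsTransport);
        binding.Name = "StreamBindingHttps";

        EndpointAddress remoteAddress = new EndpointAddress(addressHttps);

        var client = new ServiceHosted.ServiceHostedClient(binding, remoteAddress);

        // Only the user name is set for the UserName token; no password is assigned.
        client.ClientCredentials.UserName.UserName = "UserName";

        // Windows credential used for the NTLM handshake: the default network
        // credentials of the current security context.
        client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;

        // The literals are the sample values from the original post. Real account names
        // and passwords should come from user input or a credential store, not source.
        var result = await client.GetUserAsync("ahmed", "123456");

        var x = result.DepartmentName;
    }
    catch (System.Exception ex)
    {
        // Still best-effort (rethrowing from async void would end the process), but the
        // failure is now visible while debugging.
        System.Diagnostics.Debug.WriteLine("ConfigureHttpsProxy failed: " + ex);
    }
}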

回答


服务是如下:

NTLM解决方案步骤: 1-从中心管理: 中心管理: NT AUTHORITY \本地 - >完全控制 当前用户 - >完全控制

身份验证提供程序: 基于声明的身份验证 - >默认 启用匿名访问 启用Windows身份验证 - >Kerberos

2-从Web配置: 将以下节点添加到服务的 serviceBehaviors 下对应的 behavior 节点中。(该节点的内容在本页面中缺失。)

3-从客户端: _serviceClient.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("用户名", "口令"); _serviceClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation; 注意:Delegation 级别允许服务以调用方的身份继续访问其他服务器,只应在确实需要双跃点的场景下使用,并配合 Kerberos 约束委派;用户名和口令也不应硬编码在客户端代码中。

4-从服务端: 在网站上启用模拟:可以为整个站点启用 ASP.NET 模拟,也可以使用 WindowsIdentity.Impersonate(token) 临时模拟用户。将以下属性添加到 WCF 服务中每个需要模拟的方法上: [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]

更多细节回链接: http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx

http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx
