设置安全的SSL，WCF使用Windows身份验证

Question

好吧，我真的需要帮助获取此设置。目前我有一个ssl证书安装。作为应用程序，我在iis中安装了一个wcf服务。我已经将它设置为需要ssl，并且我能够连接到该服务。问题是我想要Windows身份验证。我想禁用匿名安全。不久，我禁用匿名并保持Windows身份验证。我收到一个错误： “主机上配置的身份验证方案（'IntegratedWindowsAuthentication'）不允许在绑定'BasicHttpBinding'（'匿名'）上配置的身份验证方案。请确保SecurityMode设置为Transport或TransportCredentialOnly.etc等....“

当我用Windows身份验证重新打开匿名。是的，我可以访问服务，但它不使用Windows认证..它的奇怪，因为其他文件，如test.html例如仍然需要用户名/密码。我不知道如何正确地限制一个web服务使用ssl的Windows身份验证...任何人都可以帮助我？请

<?xml version="1.0"?> 
<configuration> 
    <system.web> 
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" /> 
    <customErrors mode="Off"/> 
</system.web> 
<system.serviceModel> 


<bindings> 
    <wsHttpBinding> 
    <binding name="TransportSecurity"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Windows" /> 
     </security> 


     <readerQuotas maxDepth="2147483647" 
      maxStringContentLength="2147483647" 
      maxArrayLength="2147483647" 
      maxBytesPerRead="2147483647" 
      maxNameTableCharCount="2147483647" /> 
    </binding> 
    </wsHttpBinding> 
</bindings> 
<services> 
    <service name="WcfConcur.ConcurService"> 
     <endpoint address="" 
       binding="wsHttpBinding" 
       bindingConfiguration="TransportSecurity" 
       contract="WcfConcur.IConcurService"/> 

<endpoint address="mex" 
       binding="mexHttpsBinding" 
       contract="IMetadataExchange" /> 
    </service> 
</services> 


<behaviors> 
    <serviceBehaviors> 
    <behavior> 


     <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> 
     <serviceMetadata httpsGetEnabled="true"/> 
     <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
     <serviceDebug includeExceptionDetailInFaults="true"/> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 

</system.serviceModel> 
<system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/> 
    </system.webServer> 


</configuration> 

在客户端，我添加了对wcf的引用。并自动下载。事情是，托管我INTIAL WCF地址是https://address/whatever.svc和它下载的时候它显示http://internal地址我不知道如果多数民众赞成问题

<?xml version="1.0" encoding="utf-8" ?> 
     <configuration> 
      <startup> 
       <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client" /> 
      </startup> 
      <system.serviceModel> 
        <client> 
        <endpoint address="http://internal address/wcfConcurService/ConcurService.svc" 
      binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IConcurService" 
      contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" /> 
      </client> 
       <bindings> 
        <basicHttpBinding> 
        <binding name="BasicHttpBinding_IConcurService" /> 
       </basicHttpBinding> 
        </bindings> 

      </system.serviceModel> 
     </configuration> 

Answer 1

错误消息抛出，当禁用匿名访问，似乎表明了问题与客户端配置。

客户端配置似乎使用basicHttpBinding，它与使用wsHttpBinding的服务器配置不同。要解决绑定问题，您应该将服务器绑定配置复制到客户端配置文件，然后更新客户端端点以使用新的绑定配置。

您的客户端配置应该是这个样子：

<system.serviceModel> 
    <client> 
     <endpoint address="https://enter-external-address-here/wcfConcurService/ConcurService.svc" 
       binding="wsHttpBinding" bindingConfiguration="TransportSecurity" 
       contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" /> 
    </client> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="TransportSecurity"> 
      <security mode="Transport"> 
      <transport clientCredentialType="Windows" /> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    </system.serviceModel>