Я разработал очень простой хост и клиент, которые я хотел использовать для проверки того, сможет ли клиент WCF передавать учетные данные пользователя входа в систему на хост-службу без требуя от пользователя повторного ввода своих учетных данных или настройки безопасности.Аутентификация Windows с использованием WCF и самостоятельного хостинга
Мой хозяин конфигурации выглядит следующим образом:
<configuration>
<system.serviceModel>
<services>
<service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
<host>
<baseAddresses>
<add baseAddress = "http://localhost:8000/WCFTest/CalculatorService/" />
<add baseAddress = "net.tcp://localhost:9000/WCFTest/CalculatorService/" />
</baseAddresses>
</host>
<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
<endpoint address ="netTcpEP" binding="netTcpBinding" contract="WCFTest.ICalculatorService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfig">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.CalculatorBehavior">
<serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" />
<serviceCredentials >
<windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Мой клиент конфигурации выглядит следующим образом:
<configuration>
<configSections>
<sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<section name="WCFClient.Settings1" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />
</sectionGroup>
</configSections>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ICalculatorService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<netTcpBinding>
<binding name="NetTcpBinding_ICalculatorService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10"
maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10"
maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="http://ldndwm286380:8000/WCFTest/CalculatorService/basicHttpEP"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICalculatorService"
contract="CalcService.ICalculatorService" name="BasicHttpBinding_ICalculatorService" />
<endpoint address="net.tcp://ldndwm286380:9000/WCFTest/CalculatorService/netTcpEP"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding_ICalculatorService"
contract="CalcService.ICalculatorService" name="NetTcpBinding_ICalculatorService">
</endpoint>
</client>
</system.serviceModel>
<userSettings>
<WCFClient.Settings1>
<setting name="Setting" serializeAs="String">
<value>True</value>
</setting>
</WCFClient.Settings1>
</userSettings>
</configuration>
Мой клиент код:
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Press enter to start");
Console.ReadLine();
CalcService.ICalculatorService httpCalcService = new CalcService.CalculatorServiceClient("BasicHttpBinding_ICalculatorService");
Console.WriteLine(httpCalcService.AddValues(new int[] { 1, 2, 3 }).Value);
Console.ReadLine();
CalcService.ICalculatorService TcpCalcService = new CalcService.CalculatorServiceClient("NetTcpBinding_ICalculatorService");
Console.WriteLine(httpCalcService.AddValues(new int[] { 5, 10, 15 }).Value);
Console.ReadLine();
}
}
Это прекрасно работает, если я бегу клиент на моем ПК. При запуске клиента на компьютере коллеги, я получаю этот стек исключений на клиенте:
Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oX0we6ADCgEBonQEcm BwBgkqhkiG9xIBAgIDAH5hMF+gAwIBBaEDAgEepBEYDzIwMTAwMzExMTAzNjAzWqUFAgMEDFimAwIBKakYGxZJTlRSQU5FVC5CQVJDQVBJTlQuQ09NqhowGK ADAgEBoREwDxsNTERORFdNMjg2MzgwJA=='. ---> System.Net.WebException: The remote server returned an error: (401) Unauthoriz ed. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob) at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boole an preAuthenticate) at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials) at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials) at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) at System.Net.HttpWebRequest.CheckResubmitForAuth() at System.Net.HttpWebRequest.CheckResubmit(Exception& e) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeou t) --- End of inner exception stack trace ---
Любая помощь приветствуется,
Спасибо,
Ник
Большое спасибо - можно ли это установить программно? – ng5000
В объекте EndpointAddress есть свойство «Идентификация». Вы можете установить это в объект SpnEndpointIdentity, который берет имя принципала, который вы используете. – Kwal