web-services - 调用使用 Windows 凭据保护的 ASMX 服务

Question

我已经获得了一个 Web 服务 (ASMX) 来使用我需要使用的女巫 Windows 凭据 为了。

因此，我设置了我的客户端 VPN 并调用了 WSDL，保存为 XML 文件并使用 svcutil.exe 生成了代理类。 ， 到目前为止，一切都很好...

我将服务称为

// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(cUser, cPass, cDoma);

在 web.config我有这个设置:

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="true" />
          <security mode="None">
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <message clientCredentialType="Windows" algorithmSuite="Default" negotiateServiceCredential="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="wsHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap" />
    </client>
  </system.serviceModel>

但是当我尝试调用该服务时，我得到一个异常说:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'.

我错过了什么？ 由于我提供了 Windows 凭据，服务不应该正常进行身份验证吗？ 我还应该做什么？

我试过的:

设置安全模式至 Message 我得到了与上述问题相同的错误

设置安全模式至 TransportWithMessageCredential 我拿到
提供的 URI 方案“http”无效；预期为“https”。\r\n参数
姓名:通过

设置安全模式至 Transport 我得到了:绑定(bind)验证失败，因为 WSHttpBinding 不支持基于传输安全 (HTTPS) 的可靠 session 。无法打开 channel 工厂或服务主机。使用消息安全性通过 HTTP 进行安全可靠的消息传递。

来自 John Saunders评论:

我已切换到 basicHttpBinding

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="None">
            <transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="vm-wssrv01" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap" />
    </client>
  </system.serviceModel>

并尝试更改 security模式为:

TransportWithMessageCredential{"提供的 URI 方案 'http' 无效；应为 'https'。\r\n参数名称:通过"}

TransportCredentialOnly{"HTTP 请求未通过客户端身份验证方案 'Negotiate' 进行授权。从服务器收到的身份验证 header 是 'Basic realm=\"vm-wssrv01\"'。"}

Message{“BasicHttp 绑定(bind)要求 BasicHttpBinding.Security.Message.ClientCredentialType 等同于安全消息的 BasicHttpMessageCredentialType.Certificate 凭据类型。为 UserName 凭据选择 Transport 或 TransportWithMessageCredential 安全性。”}

Transport{"提供的 URI 方案 'http' 无效；应为 'https'。\r\n参数名称:通过"}

None{"HTTP 请求未经授权，客户端身份验证方案为“匿名”。从服务器收到的身份验证 header 为 'Basic realm=\"vm-wssrv01\"'。"}

我的想法不多了:(
该服务仅是 HTTP，不是 HTTPS，我没有可使用的证书...

Answer 1

3 天后，在 的大力帮助下约翰桑德斯 正如他所说，ASMX 服务唯一可能的绑定(bind)是basicHttpBinding。 (我对答案的搜索开始更加集中)我进入了这个:

在服务调用者中，必须使用 client.ClientCredentials.UserName作为:

// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.UserName.UserName = cUser;
client.ClientCredentials.UserName.Password = cPass;

在配置部分，需要使用:

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
        bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
        name="WebCorePlayersSoap">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>