尝试连接到核心服务时出现以下错误:
The HTTP request was forbidden with client authentication scheme 'Anonymous'
Tridion 环境配置了来自 SiteMinder 的 SSO。
这是我的代码:
public static ICoreService2010 GetTridionClient()
{
var binding = new BasicHttpBinding()
{
Name = "BasicHttpBinding_TridionCoreService",
CloseTimeout = new TimeSpan(0, 1, 0),
OpenTimeout = new TimeSpan(0, 1, 0),
ReceiveTimeout = new TimeSpan(0, 10, 0),
SendTimeout = new TimeSpan(0, 1, 0),
AllowCookies = false,
BypassProxyOnLocal = false,
HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
MaxBufferSize = 4194304, // 4MB
MaxBufferPoolSize = 4194304,
MaxReceivedMessageSize = 4194304,
MessageEncoding = WSMessageEncoding.Text,
TextEncoding = System.Text.Encoding.UTF8,
TransferMode = TransferMode.Buffered,
UseDefaultWebProxy = true,
ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
{
MaxDepth = 32,
MaxStringContentLength = 4194304, // 4MB
MaxArrayLength = 4194304,
MaxBytesPerRead = 4194304,
MaxNameTableCharCount = 16384
},
Security = new BasicHttpSecurity()
{
Mode = BasicHttpSecurityMode.TransportCredentialOnly,
Transport = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.None,
},
Message = new BasicHttpMessageSecurity()
{
ClientCredentialType = BasicHttpMessageCredentialType.UserName
}
}
};
string hostname = ConfigurationManager.AppSettings["TridionUrl"];
string username = ConfigurationManager.AppSettings["TridionUsername"];
hostname = string.Format("{0}{1}{2}",
hostname.StartsWith("http") ? "" : "http://",
hostname,
hostname.EndsWith("/") ? "" : "/");
var endpoint = new EndpointAddress(hostname +
"/webservices/CoreService.svc/basicHttp_2010");
var factory = new ChannelFactory<ICoreService2010>(binding, endpoint);
factory.Credentials.UserName.UserName = username;
return factory.CreateChannel();
}
是否有人有使用 Windows 以外的身份验证类型与核心服务交互的经验?
更新:
我现在得到错误:
The HTTP request was forbidden with client authentication scheme 'Basic'.
应该在/webservices/web.config 中为绑定(bind)使用什么 clientCredentialType?
当我取消注释/webservies/web.config 中的 SsoAgentHttpModule 时,我们在 Web 服务上收到 500 错误,因此 SDL 告诉我们将此注释掉。
我认为 CoreService 需要此模块才能使用身份验证方案“基本”进行身份验证?
最佳答案
您的代码有两个问题:
您已在服务器上将身份验证设置为匿名,并假定在客户端上也应设置相同的身份验证,但事实并非如此。您还在服务器上启用了 LDAP SSO 模块,一旦您打开匿名身份验证,该模块就会启动。在客户端,它看起来像普通的基本身份验证,因此您的客户端安全代码应该是这样的:
Security = new BasicHttpSecurity() { Mode = BasicHttpSecurityMode.TransportCredentialOnly, Transport = new HttpTransportSecurity() { ClientCredentialType = HttpClientCredentialType.Basic, } }
您已经设置了用户名,但没有设置密码,所以:
factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password;
此外,请记住,您可能需要在设置用户时指定用户名限定符(默认为 SSO),例如 SSO\user
如果您仍然遇到问题,这应该让您更进一步 - 请更新您的问题,最近异常(exception)。
关于c# - Tridion 2011 核心服务 : Unable to connect in a SSO environment,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9625204/