WCF 中的 NTLM 身份验证调用 .net 核心 API

Question

我有一个 WCF 服务 (A)，它使用以下配置调用另一个 WCF 服务 (B)。

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
</security> 

我正在从 .net 核心 (v2.2) 服务调用服务 B。我有以下设置：

BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
basicHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

// doesn't have Default as the option. Only TripleDes
//basicHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.TripleDes
basicHttpBinding.MaxReceivedMessageSize = int.MaxValue;
basicHttpBinding.ReceiveTimeout = new TimeSpan(250000000000);//Timespan in nanoseconds.

EndpointAddress endpointAddress = new EndpointAddress("http://");

customerServiceClient = new CustomerServiceClient(basicHttpBinding, endpointAddress);
NetworkCredential networkCredential = new NetworkCredential("user", "password", "domain");
customerServiceClient.ClientCredentials.Windows.ClientCredential = networkCredential;
customerServiceClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;

我收到错误消息：身份验证失败，因为无法重用连接。下面是异常的部分堆栈：

{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":null,"StackTrace":"   at System.Net.Http.HttpConnection.DrainResponseAsync(HttpResponseMessage response)\r\n   at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)\r\n   at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)\r\n   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n...

请告诉我如何解决这个问题。此外，此 API 将部署到 PCF 中。

谢谢， 阿伦

Answer 1

目前NetCore不支持消息安全模式。因此，下面的语句将不起作用。

basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

但是NetCore2.2支持TransportCredentialOnly安全模式的WCF服务。
这是调用服务的示例。

 ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
        NetworkCredential nc = new NetworkCredential("administrator", "abcd1234!");
        client.ClientCredentials.Windows.ClientCredential = nc;
        var result = client.TestAsync().Result;
        Console.WriteLine(result);

添加连接服务引用后，绑定设置和端点已经在 Reference.cs 文件中配置。
我们只需要修改默认的服务端点地址即可。

然后我们在客户端配置 Windows 凭据。在我这边，它有效。 请确保您的客户项目基于AspNet Core2.2 另外，请参考官方 Github 仓库中的讨论。可能对你有用。
https://github.com/dotnet/wcf/issues/2923
如果有什么我可以帮忙的，请随时告诉我。