使用 Windows 身份验证设置安全 SSL、WCF

Question

好的，我真的需要帮助才能进行此设置。目前我安装了 ssl 证书。我在 iis 中安装了一个 wcf 服务作为应用程序。我已将其设置为需要 ssl，并且我能够连接到该服务。问题是我想要 Windows 身份验证。我想禁用匿名安全。一旦我禁用匿名并保持 Windows 身份验证。我收到一个错误： “主机上配置的身份验证方案（'IntegratedWindowsAuthentication'）不允许在绑定'BasicHttpBinding'（'Anonymous'）上配置的身份验证方案。请确保将SecurityMode设置为Transport或TransportCredentialOnly.etc等......“

当我使用 Windows 身份验证重新打开匿名时。是的，我可以访问该服务，但它不使用 Windows 身份验证。这很奇怪，因为其他文件（例如 test.html）仍然需要用户名/密码。我不知道如何使用 ssl 正确限制 Windows auth 的 web 服务......谁能帮助我？请

 <?xml version="1.0"?>
 <configuration>
   <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
  <customErrors mode="Off"/>
 </system.web>
 <system.serviceModel>


<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>


      <readerQuotas maxDepth="2147483647"
          maxStringContentLength="2147483647"
          maxArrayLength="2147483647"
          maxBytesPerRead="2147483647"
          maxNameTableCharCount="2147483647" />
    </binding>
  </wsHttpBinding>
</bindings>
 <services>
     <service name="WcfConcur.ConcurService">
        <endpoint address=""
               binding="wsHttpBinding"
               bindingConfiguration="TransportSecurity"
               contract="WcfConcur.IConcurService"/>

<endpoint address="mex"
               binding="mexHttpsBinding"
              contract="IMetadataExchange" />
  </service>
</services>


<behaviors>
  <serviceBehaviors>
    <behavior>


      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>


</configuration>

在客户端，我添加了对 wcf 的引用。它会自动下载它。问题是我托管的初始 wcf 地址是 https://address/whatever.svc，当它下载时显示 http://internal 地址，我不知道这是否是问题

   <?xml version="1.0" encoding="utf-8" ?>
        <configuration>
          <startup>
                <supportedRuntime version="v4.0"    sku=".NETFramework,Version=v4.0,Profile=Client" />
            </startup>
             <system.serviceModel>
                  <client>
                  <endpoint address="http://internal address/wcfConcurService/ConcurService.svc"
             binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IConcurService"
             contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
            </client>
               <bindings>
                  <basicHttpBinding>
                     <binding name="BasicHttpBinding_IConcurService" />
                </basicHttpBinding>
                  </bindings>

           </system.serviceModel>
        </configuration>

Answer 1

当匿名访问被禁用时抛出的错误消息似乎表明客户端配置存在问题。

客户端配置似乎使用basicHttpBinding，这与使用wsHttpBinding 的服务器配置不同。要解决绑定问题，您应该将服务器绑定配置复制到客户端配置文件，然后更新客户端端点以使用新的绑定配置。

您的客户端配置应如下所示：

  <system.serviceModel>
    <client>
      <endpoint address="https://enter-external-address-here/wcfConcurService/ConcurService.svc"
               binding="wsHttpBinding" bindingConfiguration="TransportSecurity"
               contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
    </client>
    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>