we wrote a WCF service, deployed on IIS. we chose Integrated Windows Authentication. service can not be used in this case but if we can set the authentication method of the IIS virtual directory to "Anonymous" for WCF services, then the error will go away. But "Anonymous" is not acceptable for our WCF service. We have to use Integrated Windows Authentication to authenticate the client. Any one knows how to fix this problem?
Thanks in advance,
Ashish
You have to do a few things:
- Uncheck the anonymous access from your Virtual forlder and check Integrated windows security.
Create the following binding configuration:
<basicHttpBinding> <binding name="Binding1"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" /> </security> </binding> </basicHttpBinding>Apply the above configuration to your service and mex:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="Binding1" contract="IService"> </endpoint> <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="Binding1" contract="IMetadataExchange"> </endpoint>Create a client and use NetworkCredential to pass your credentials:
ServiceReference.MyClient proxy = new ServiceReference.MyClient(); proxy.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("MACHINENAME\\USERACCOUNT", "passwrd"); proxy.YourServiceOperation();
There are other ways to set username & password indivdually but it didn't work in .Net 4.0. USERACCOUNT is a domain account or LDAP to which your WCF host computer is joined to. If server isnt joined to a domain then create an account locally by running "lusrmgr.msc"
There are two main things that you need to watch out for:
- Is your configuration aligned: IIS, web.config (system.web and WCF)
- Is your client sending windows authentication information with the request
It is probably the second that is giving you problems. The IIS log should contain which user is making the call.
来源:https://stackoverflow.com/questions/1367653/wcf-service-windows-authentication