WCF 调用 .net 核心中的 NTLM 身份验证 API
NTLM authentication in WCF calling .net core API
我有一个 WCF 服务 (A) 使用以下配置调用另一个 WCF 服务 (B)。
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
我正在努力从 .net 核心 (v2.2) 服务调用服务 B。我有以下设置:
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
basicHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
// doesn't have Default as the option. Only TripleDes
//basicHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.TripleDes
basicHttpBinding.MaxReceivedMessageSize = int.MaxValue;
basicHttpBinding.ReceiveTimeout = new TimeSpan(250000000000);//Timespan in nanoseconds.
EndpointAddress endpointAddress = new EndpointAddress("http://");
customerServiceClient = new CustomerServiceClient(basicHttpBinding, endpointAddress);
NetworkCredential networkCredential = new NetworkCredential("user", "password", "domain");
customerServiceClient.ClientCredentials.Windows.ClientCredential = networkCredential;
customerServiceClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
我收到错误消息:身份验证失败,因为无法重新使用连接。下面是异常的部分堆栈:
{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":null,"StackTrace":" at System.Net.Http.HttpConnection.DrainResponseAsync(HttpResponseMessage response)\r\n at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)\r\n at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n...
请告诉我如何解决这个问题。此外,此 API 将部署到 PCF 中。
谢谢,
阿伦
目前NetCore不支持消息安全模式。因此下面的语句将不起作用。
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
但是 NetCore2.2 支持具有 TransportCredentialOnly 安全模式的 WCF 服务。
下面是一个调用服务的例子。
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
NetworkCredential nc = new NetworkCredential("administrator", "abcd1234!");
client.ClientCredentials.Windows.ClientCredential = nc;
var result = client.TestAsync().Result;
Console.WriteLine(result);
添加连接服务引用后,绑定设置和端点已在 Reference.cs 文件中配置。
我们只需要修改默认的服务端点地址即可。
然后我们在客户端配置 Windows 凭证。在我这边,它有效。
请确保您的客户项目基于 AspNet Core2.2
此外,请参考官方 Github 存储库中的讨论。它可能对你有用。
https://github.com/dotnet/wcf/issues/2923
如果有什么我可以帮忙的,请随时告诉我。
我有一个 WCF 服务 (A) 使用以下配置调用另一个 WCF 服务 (B)。
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
我正在努力从 .net 核心 (v2.2) 服务调用服务 B。我有以下设置:
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
basicHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
// doesn't have Default as the option. Only TripleDes
//basicHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.TripleDes
basicHttpBinding.MaxReceivedMessageSize = int.MaxValue;
basicHttpBinding.ReceiveTimeout = new TimeSpan(250000000000);//Timespan in nanoseconds.
EndpointAddress endpointAddress = new EndpointAddress("http://");
customerServiceClient = new CustomerServiceClient(basicHttpBinding, endpointAddress);
NetworkCredential networkCredential = new NetworkCredential("user", "password", "domain");
customerServiceClient.ClientCredentials.Windows.ClientCredential = networkCredential;
customerServiceClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
我收到错误消息:身份验证失败,因为无法重新使用连接。下面是异常的部分堆栈:
{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":null,"StackTrace":" at System.Net.Http.HttpConnection.DrainResponseAsync(HttpResponseMessage response)\r\n at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)\r\n at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n...
请告诉我如何解决这个问题。此外,此 API 将部署到 PCF 中。
谢谢, 阿伦
目前NetCore不支持消息安全模式。因此下面的语句将不起作用。
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
但是 NetCore2.2 支持具有 TransportCredentialOnly 安全模式的 WCF 服务。
下面是一个调用服务的例子。
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
NetworkCredential nc = new NetworkCredential("administrator", "abcd1234!");
client.ClientCredentials.Windows.ClientCredential = nc;
var result = client.TestAsync().Result;
Console.WriteLine(result);
添加连接服务引用后,绑定设置和端点已在 Reference.cs 文件中配置。
我们只需要修改默认的服务端点地址即可。
然后我们在客户端配置 Windows 凭证。在我这边,它有效。
请确保您的客户项目基于 AspNet Core2.2
此外,请参考官方 Github 存储库中的讨论。它可能对你有用。
https://github.com/dotnet/wcf/issues/2923
如果有什么我可以帮忙的,请随时告诉我。