Situation: the WCF service can be browsed normally in a browser, but calling it from a program reports:
HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.
Detailed error message:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
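Solution (for anonymous access):
1. Check whether the authentication mode of the current service matches the mode configured for WCF in the config file. For example: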
<binding name="BasicHttpBinding_Service"
         closeTimeout="00:00:30" openTimeout="00:01:00"
         receiveTimeout="00:10:00" sendTimeout="00:10:00"
         bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
         maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
         useDefaultWebProxy="true" messageEncoding="Text" textEncoding="utf-8"
         transferMode="Buffered" allowCookies="false">
  <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
                maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                maxNameTableCharCount="2147483647" />
  <security mode="None">
    <transport clientCredentialType="None" />
    <message clientCredentialType="UserName"/>
  </security>
</binding>
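The security mode is None, so check whether [Anonymous access] is enabled in the authentication settings for this service in IIS.
2. Under [My Computer] - right-click - [Manage] - [Local Users and Groups] - [Users], confirm that the user configured for anonymous access in IIS exists.
XP: the default is a user name. Default user name format: IUSR_<computer name>. If there is no user for this computer name, add the user. Make sure the user is not disabled.
Win7: the default is a user type. The default user type is: IUSR
The above is the solution that actually worked for me.
The following are other solutions found online: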
HTTP request is unauthorized with client authentication scheme 'Anonymous'.
When using VS2008 as the client to call a SharePoint service (WCF), the following exception is shown:
HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.
My solution:
1. For the http endpoint:
<security mode="TransportCredentialOnly">
2. For the https endpoint:
<security mode="Transport">
Here is the client-side app.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <!-- http endpoint: HTTP-level NTLM authentication, no transport encryption -->
        <binding name="BasicHttpBinding_BusinessDataCatalogSharedService"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 allowCookies="false" bypassProxyOnLocal="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferSize="999999" maxBufferPoolSize="9999999"
                 maxReceivedMessageSize="999999" messageEncoding="Mtom"
                 textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
          <readerQuotas maxDepth="99" maxStringContentLength="999999"
                        maxArrayLength="999999" maxBytesPerRead="999999"
                        maxNameTableCharCount="999999" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="">
              <extendedProtectionPolicy policyEnforcement="Never" />
            </transport>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
        <!-- https endpoint: NTLM authentication over TLS -->
        <binding name="BasicHttpBinding_BusinessDataCatalogSharedService1"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 allowCookies="false" bypassProxyOnLocal="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferSize="999999" maxBufferPoolSize="9999999"
                 maxReceivedMessageSize="999999" messageEncoding="Mtom"
                 textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
          <readerQuotas maxDepth="99" maxStringContentLength="999999"
                        maxArrayLength="999999" maxBytesPerRead="999999"
                        maxNameTableCharCount="999999" />
          <security mode="Transport">
            <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="">
              <!--<extendedProtectionPolicy policyEnforcement="Never" />-->
            </transport>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://SUT02/_vti_bin/BdcAdminService.svc"
                binding="basicHttpBinding"
                bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService"
                contract="BusinessDataCatalogSharedService"
                name="BasicHttpBinding_BusinessDataCatalogSharedService" />
      <endpoint address="https://SUT02:443/_vti_bin/BdcAdminService.svc"
                binding="basicHttpBinding"
                bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService1"
                contract="BusinessDataCatalogSharedService"
                name="BasicHttpBinding_BusinessDataCatalogSharedService1" />
    </client>
  </system.serviceModel>
</configuration>
The client-side code is as follows:
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        // Select the https endpoint by its configuration name in app.config.
        BusinessDataCatalogSharedServiceClient client =
            new BusinessDataCatalogSharedServiceClient("BasicHttpBinding_BusinessDataCatalogSharedService1");
        client.ClientCredentials.Windows.AllowedImpersonationLevel =
            System.Security.Principal.TokenImpersonationLevel.Impersonation;
        client.ClientCredentials.UserName.UserName = @"domain\userName";
        client.ClientCredentials.UserName.Password = "Password";
        // Credentials used for the NTLM handshake with the server.
        client.ClientCredentials.Windows.ClientCredential =
            new NetworkCredential("username", "Password", "domain");
        AcceptAllCertificate();
        try
        {
            Guid guid = client.GetServiceApplicationId();
        }
        catch (Exception)
        {
            throw;
        }
    }

    /// <summary>
    /// When the request URL uses an HTTPS or TCP prefix, call this function to avoid the underlying connection being closed.
    /// After it runs, the local client accepts every server certificate.
    /// The callback is process-wide, so certificate validation is disabled for every HTTPS request this process makes.
    /// </summary>
    public static void AcceptAllCertificate()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            new RemoteCertificateValidationCallback(ValidateServerCertificate);
    }

    /// <summary>
    /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
    /// In our adapter this method always returns true, so the client can communicate with the server over HTTPS without a valid certificate.
    /// </summary>
    /// <param name="sender">An object that contains state information for this validation.</param>
    /// <param name="certificate">The certificate used to authenticate the remote party.</param>
    /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
    /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
    /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
    private static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}
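A narrower alternative to the accept-all callback above, as an added example that is not code from the original post: it accepts a certificate with validation errors only for one named host and one pinned certificate. The class and method names are hypothetical, `PinnedThumbprint` is a placeholder to be filled with the test server certificate's thumbprint, and `PinnedHost` assumes the SUT02 host from the app.config.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidation
{
    // Placeholder (assumption): SHA-1 thumbprint, hex without spaces, of the test server's certificate.
    private const string PinnedThumbprint = "<THUMBPRINT-OF-TEST-SERVER-CERT>";
    // Assumption: the only host the exception applies to (host name taken from the app.config above).
    private const string PinnedHost = "SUT02";

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Normal case: the chain builds to a trusted root and the name matches.
        if (sslPolicyErrors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;

        // The exception is limited to requests sent to the pinned host ...
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.Address.Host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // ... and to the one certificate whose thumbprint was recorded out of band.
        string actual = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(actual, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Calling `PinnedCertificateValidation.Install()` in place of `AcceptAllCertificate()` keeps normal validation for every other HTTPS destination in the process.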
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
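Solution
1 Configure IIS
Web site -> Properties -> Directory Security -> Authentication Methods: select both "Anonymous access" and "Integrated Windows authentication"
2 Configure the WCF client's config file. There are 3 places: 1) security mode, 2) the endpoint's behaviorConfiguration, 3) behaviors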
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding …>
        <readerQuotas … />
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <endpoint ... behaviorConfiguration="ImpersonationBehavior"/>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ImpersonationBehavior">
        <clientCredentials>
          <windows allowedImpersonationLevel="Impersonation"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
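The check that all three solutions above perform by hand, as an added example (not code from the original post or from WCF itself): it derives the HTTP authentication scheme a basicHttpBinding makes the client send and compares it with the schemes quoted in the exception text. The class and method names are hypothetical, and the two bindings in `Main` are constructed, trimmed-down versions of the ones on this page.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

public static class BindingAuthCheck
{
    // HTTP authentication scheme that a basicHttpBinding <binding> element makes the client send.
    public static string ClientScheme(XElement binding)
    {
        XElement security = binding.Element("security");
        string mode = (string)security?.Attribute("mode") ?? "None";
        // Only these two modes authenticate at the HTTP layer; other modes send the request anonymously.
        if (mode != "Transport" && mode != "TransportCredentialOnly") return "Anonymous";
        string type = (string)security.Element("transport")?.Attribute("clientCredentialType") ?? "None";
        switch (type)
        {
            case "Windows": return "Negotiate";
            case "Ntlm": case "Basic": case "Digest": return type;
            default: return "Anonymous"; // None, Certificate: no HTTP authentication header
        }
    }

    // offered: the scheme list quoted in the exception text, e.g. "Negotiate,NTLM".
    public static string Diagnose(XElement binding, Uri address, string offered)
    {
        string mode = (string)binding.Element("security")?.Attribute("mode") ?? "None";
        string scheme = ClientScheme(binding);
        if (mode == "Transport" && address.Scheme != Uri.UriSchemeHttps)
            return "mode Transport requires an https address";
        if (mode == "TransportCredentialOnly" && address.Scheme != Uri.UriSchemeHttp)
            return "mode TransportCredentialOnly requires an http address";
        bool match = offered.Split(',').Select(s => s.Trim())
                            .Contains(scheme, StringComparer.OrdinalIgnoreCase);
        return match ? "ok: client and server agree on '" + scheme + "'"
                     : "401: client sends '" + scheme + "', server offers '" + offered + "'";
    }

    public static void Main()
    {
        // Constructed sample input modelled on the bindings shown above.
        var none = XElement.Parse("<binding><security mode='None'><transport clientCredentialType='None'/></security></binding>");
        var ntlm = XElement.Parse("<binding><security mode='TransportCredentialOnly'><transport clientCredentialType='Ntlm'/></security></binding>");
        var service = new Uri("http://SUT02/_vti_bin/BdcAdminService.svc");
        Console.WriteLine(Diagnose(none, service, "Negotiate,NTLM"));
        Console.WriteLine(Diagnose(ntlm, service, "Negotiate,NTLM"));
    }
}
```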