Tridion 2011核心服务:无法在SSO环境中进行连接

Question

在尝试连接到Core Service时,出现以下错误:

客户端身份验证方案"Anonymous"禁止HTTP请求

Tridion环境使用SiteMinder中的SSO进行配置.

这是我的代码:

public static ICoreService2010 GetTridionClient()
{
    var binding = new BasicHttpBinding()
    {
        Name = "BasicHttpBinding_TridionCoreService",
        CloseTimeout = new TimeSpan(0, 1, 0),
        OpenTimeout = new TimeSpan(0, 1, 0),
        ReceiveTimeout = new TimeSpan(0, 10, 0),
        SendTimeout = new TimeSpan(0, 1, 0),
        AllowCookies = false,
        BypassProxyOnLocal = false,
        HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
        MaxBufferSize = 4194304, // 4MB
        MaxBufferPoolSize = 4194304,
        MaxReceivedMessageSize = 4194304,
        MessageEncoding = WSMessageEncoding.Text,
        TextEncoding = System.Text.Encoding.UTF8,
        TransferMode = TransferMode.Buffered,
        UseDefaultWebProxy = true,
        ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        {
            MaxDepth = 32,
            MaxStringContentLength = 4194304, // 4MB
            MaxArrayLength = 4194304,
            MaxBytesPerRead = 4194304,
            MaxNameTableCharCount = 16384
        },
        Security = new BasicHttpSecurity()
        {
            Mode = BasicHttpSecurityMode.TransportCredentialOnly,
            Transport = new HttpTransportSecurity()
            {
                ClientCredentialType = HttpClientCredentialType.None,
            },
            Message = new BasicHttpMessageSecurity()
            {
                ClientCredentialType = BasicHttpMessageCredentialType.UserName
            }
        }
    };

    string hostname = ConfigurationManager.AppSettings["TridionUrl"];
    string username = ConfigurationManager.AppSettings["TridionUsername"];

    hostname = string.Format("{0}{1}{2}", 
                              hostname.StartsWith("http") ? "" : "http://",
                              hostname, 
                              hostname.EndsWith("/") ? "" : "/");
    var endpoint = new EndpointAddress(hostname +
                              "/webservices/CoreService.svc/basicHttp_2010");
    var factory = new ChannelFactory<ICoreService2010>(binding, endpoint);
    factory.Credentials.UserName.UserName = username;

    return factory.CreateChannel();
}

有没有人有使用Windows以外的身份验证类型与Core Service进行交互的经验？

更新:

我现在得到错误:

客户端身份验证方案"Basic"禁止HTTP请求.

什么clientCredentialType应该在/webservices/web.config中用于绑定？

当我取消注释/webservies/web.config中的SsoAgentHttpModule时,我们在webservice上收到500错误,因此SDL告诉我们将此注释掉.

我认为CoreService需要使用此模块进行身份验证方案'Basic'的身份验证？

Answer 1

您的代码有2个问题:

1. 您已在服务器上将authenticntiction设置为匿名,并假设应在客户端上设置相同,但事实并非如此.您还启用了在启用匿名身份验证后立即启动的服务器上的LDAP SSO模块.在客户端,它看起来像普通的基本身份验证,因此您的客户端安全代码应如下所示:

   Security = new BasicHttpSecurity() 
       { 
           Mode = BasicHttpSecurityMode.TransportCredentialOnly, 
           Transport = new HttpTransportSecurity() 
           { 
               ClientCredentialType = HttpClientCredentialType.Basic, 
           }
       } 
   

2. 您已设置用户名,但未设置密码,因此:

   factory.Credentials.UserName.UserName = username;
   factory.Credentials.UserName.Password = password; 
   

另外,请记住,在设置用户时可能需要指定用户名限定符(默认为SSO),如SSO\user

如果您仍然遇到问题,这应该会让您更近一步 - 请使用最近的例外情况更新您的问题.