WCF - Windows身份验证 - 安全设置需要匿名

Question

我正努力在我们的服务器上运行IIS上运行WCF服务.部署后,我最终收到一条错误消息:

此服务的安全设置需要"匿名"身份验证,但不会为承载此服务的IIS应用程序启用它.

我想使用Windows身份验证,因此我禁用了匿名访问.另请注意,有aspNetCompatibilityEnabled(如果这有任何区别).

这是我的web.config:

<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <bindings>
        <webHttpBinding>
            <binding name="default">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
        <endpointBehaviors>
            <behavior name="AspNetAjaxBehavior">
                <enableWebScript />
                <webHttp />
            </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
            <behavior name="defaultServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service name="xxx.Web.Services.RequestService" behaviorConfiguration="defaultServiceBehavior">
            <endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding"
             contract="xxx.Web.Services.IRequestService" bindingConfiguration="default">
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
</system.serviceModel>

我在互联网上搜索没有运气.任何线索都非常感谢.

Answer 1

所以这似乎是很常见的问题.关键是从绑定中删除mex:

<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>

或者,您可以在IIS和web.config中启用匿名访问,以确保拒绝匿名访问.

希望这会有助于其他一些灵魂.(我100%肯定我尝试用mex删除.: - O)

Answer 2

您可以检查这一个.我设法让它按预期工作.

<configuration>
  ...
  <system.serviceModel>
    ...
    <bindings>
      <basicHttpBinding>
        <binding>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    ...
  </system.serviceModel>
  ...
</configuration>

Answer 3

只需将您的服务绑定用于mex.

所以改变你当前的配置:

<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange"></endpoint>

至

<endpoint address="mex" binding="webHttpBinding" bindingConfiguration="default" name="mex" contract="IMetadataExchange"></endpoint>

那应该可以解决问题