对HTTP请求进行未经授权的操作

对HTTP请求进行未经授权的操作

本文介绍了使用客户端身份验证方案“基本"对HTTP请求进行未经授权的操作.从服务器收到的身份验证标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

嘿!

我已经按照本文所述设置了服务:
( )

系统: Windows Vista 32 bit
Internet信息服务:启用了基本认证的IIS7
Visual Studio:运行IIS7而不是微型IIS的Visual Studio2008.

该服务上的web.config看起来像这样:

; beh avior name =" MyApp.ServiceImplementation.MyAppClientService_Behavior">

< serviceDebug includeExceptionDetailInFaults ="true" />
< serviceMetadata httpGetEnabled ="true" />
< serviceCredentials>
< userNameAuthentication userNamePasswordValidationMode =自定义"; customUserNamePasswordValidatorType ="Orbit.ServiceImplementation.CustomUsernamePasswordValidator,Orbit.ServiceImplementation" />
</serviceCredentials>
</behavior>


< binding name =""; BasicBinding1' closeTimeout ="00:20:00" openTimeout ="00:20:00" receiveTimeout ="00:20:00" sendTimeout ="00:20:00"; BypassProxyOnLocal ="false"; hostNameComparisonMode ="StrongWildcard" maxBufferSize ="2147483647"; maxBufferPoolSize ="2147483647"; maxReceivedMessageSize ="2147483647"; messageEncoding =文本" textEncoding ="utf-8"; useDefaultWebProxy ="true">
< readerQuotas maxDepth =" 2147483647" maxStringContentLength ="2147483647"; maxArrayLength ="2147483647"; maxBytesPerRead ="2147483647"; maxNameTableCharCount ="2147483647"; />
<安全模式=" TransportCredentialOnly">
< transport clientCredentialType ="Basic"; realm ="/>
</security>


该设置在此设置下可以正常工作.

客户端app.config如下所示:

< basicHttpBinding>
< binding name ="BasicBinding1"; closeTimeout ="00:20:00" openTimeout ="00:20:00"
接收时间="00:20:00" sendTimeout ="00:20:00"; allowCookies ="false"
hostNameComparisonMode ="StrongWildcard"
maxBufferSize ="2147483647"; maxBufferPoolSize ="2147483647"; maxReceivedMessageSize ="2147483647"
messageEncoding ="Text" textEncoding ="utf-8"; transferMode =缓冲"
useDefaultWebProxy ="true">
< readerQuotas maxDepth ="2147483647"; maxStringContentLength ="2147483647"
maxArrayLength ="2147483647" maxBytesPerRead ="2147483647"; maxNameTableCharCount ="2147483647"; />
<安全模式=< TransportCredentialOnly">
< transport clientCredentialType ="Basic"; realm =" />
</security>
</binding>
</basicHttpBinding>

但是当我尝试联系该服务时,出现以下错误:

""HTTP请求未经客户端身份验证方案'Basic'的授权.从服务器收到的身份验证标头是"Basic realm = \""localhost \""."

我该如何解决?为何适用?

Hey!

I have set up the service as this article states : http://www.leastprivilege.com/CommentView.aspx?guid=b0ed39eb-01d9-4711-8d38-92d932e2e8c3
(Usernames over Transport Authentication in WCF)

System : Windows Vista 32 bit
Internet Information Service : IIS7 with Basic Autentication enabled
Visual Studio : Visual Studio 2008 that runnes throug the IIS7 instead of the mini IIS

The web.config on the service looks like this:

                <behavior name="MyApp.ServiceImplementation.MyAppClientService_Behavior">
                    <dataContractSerializer maxItemsInObjectGraph="2147483647" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceCredentials>
                        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Orbit.ServiceImplementation.CustomUsernamePasswordValidator,Orbit.ServiceImplementation" />
                    </serviceCredentials>
                </behavior>


    <binding name="BasicBinding1" closeTimeout="00:20:00" openTimeout="00:20:00" receiveTimeout="00:20:00" sendTimeout="00:20:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
     <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
     <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Basic" realm=""/>
     </security>
    </binding>

The service works fine with this settings.

The Client app.config looks like this :

      <basicHttpBinding>
        <binding name="BasicBinding1" closeTimeout="00:20:00" openTimeout="00:20:00"
          receiveTimeout="00:20:00" sendTimeout="00:20:00" allowCookies="false"
          bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
            maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Basic" realm="" />
          </security>
        </binding>
      </basicHttpBinding>

But when I try to contact the service I get the followin error:

"The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm=\"localhost\"'."

How do I solve this? And why do it appare?

推荐答案


这篇关于使用客户端身份验证方案“基本"对HTTP请求进行未经授权的操作.从服务器收到的身份验证标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-15 02:04