问题描述

我已经阅读了这篇文章http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-iis
如果我设置了它，似乎工作正常当我将clientCredentialType设置为"Windows"时，将clientCredentialType设置为基本". ，匿名用户可以访问我的服务.

有人可以对此进行一些说明吗?如何禁用匿名用户.我已经在ISS 7.5中将其禁用.基本身份验证和Windows身份验证之间有什么区别?

***更新***
 当我将clientCredentialType设置为"Windows"时，并浏览到我的服务网址https://ServerName/myservice.svc，提示输入一个登录窗口，但是我可以只键入OK而不输入User Name和Password，仍然可以看到服务信息 页面.但是，如果我在虚拟目录上创建一个.html页面，则必须输入用户名和密码.否则，我将看不到该页面.

I have read this post http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-iis
It seems working fine if I set the  clientCredentialType to "Basic",however when I set the clientCredentialType to "Windows" ,the Anonymous user can access my services.

Can someone shine some light on this?How can I disable Anonymous users.I have already disable it in ISS 7.5. What are the differeces betwee basic Authentication and Windows Authentication ?

***Update***
 when I set the clientCredentialType to "Windows" and I browse to my service url https://ServerName/myservice.svc,I am prompt with a login window ,however I can just type OK without type in User Name and Password , I can still see the service information page.However if I create a.html page on the virtual directory,then I have to enter user name and password.Otherwise I can not see the page.

推荐答案

还要确保您已关闭IIS中的匿名访问.

Also make sure you've turned off anonymous access in IIS.

这篇关于通过basicHttpbinding为WCF启用Windows身份验证的SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！