Wcf Basic authentication

六眼飞鱼酱① 提交于 2019-12-04 00:06:26
Trent Scholl

Change the name and contract of the service to include the namespace.

Also, remove the endpoint address (set it to "") and don't include proxyCredentialType in the transport tag.

End result of the web.config should look something like this

  <system.serviceModel>

    <services>
      <service name="MyNameSpace.MyService" behaviorConfiguration="asdf">
        <endpoint address="" binding="basicHttpBinding" 
            bindingConfiguration="httpBinding" contract="MyNameSpace.IMyService" />
      </service>
    </services>

    <diagnostics>
      <endToEndTracing activityTracing="true" messageFlowTracing="true" 
          propagateActivity="true">
      </endToEndTracing>
    </diagnostics>

    <bindings>
      <basicHttpBinding>
        <binding name="httpBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="asdf">
          <!-- To avoid disclosing metadata information, set the value below to 
               false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, 
               set the value below to true.  Set to false before deployment to avoid 
               disclosing exception information -->
          <serviceDebug  includeExceptionDetailInFaults="true" />

        </behavior>
      </serviceBehaviors>
    </behaviors>

    <serviceHostingEnvironment multipleSiteBindingsEnabled="false"/>

  </system.serviceModel>

Try for both client and server configs

<basicHttpBinding>
    <binding name="BasicHttpBinding_IService">
        <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
        </security>
    </binding>
</basicHttpBinding>

Install/Enable basic authentication

You may also need to install and apply basic authentication in IIS.

Goto "Programs and Features" / "Turn windows features on/off ". Enable "basic authentication" somewhere under IIS and security.

I closed and opened the IIS console and was able to enable it under authentication settings.

This of course if for a development testing and it warns you about not having an SSL certificate.

You're not allowed to use username authentication over an unsecured connection

You can secure the message by using a secure transport (e.g. SSL) or message encryption (using certificates)

I have used ClearUsernameBinding in the past to great success, but I don't recommend it in production. I used it so that I could keep all my authentication code the same without requiring SSL in dev/test environments, but having it work with SSL by changing the configuration only.

Note: that custom binding isn't perfect, and I had to change it a bit to enable certain configuration changes.

This is what solved the issue for me:

<bindings>
  <basicHttpBinding>
    <binding>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

For reference see: https://msdn.microsoft.com/en-gb/library/ff648505.aspx

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!