上次介紹過如何設定WCF使用Windows認證,今天處理一個WCF部署時,如法泡製卻一直撞壁... 呼叫MyDataService.svc時始終彈出:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

比對與上回的WCF設定差異主要在於用的是basicHttpBinding,而不是上回說的webHttpBinding,所以我依經驗將web.config修改如下,但看來行不通。

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpEndpointBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyDataServiceBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service
        behaviorConfiguration="MyDataServiceBehavior" 
        name="MyDataService">
        <endpoint address="" binding="basicHttpBinding"
        bindingConfiguration="BasicHttpEndpointBinding"
        name="BasicHttpEndpoint" contract="IMyDataService">
        </endpoint>              
        <endpoint address="mex" binding="mexHttpBinding" 
        contract="IMetadataExchange"/>
    </service>
  </services>
</system.serviceModel>

摸索加Google一陣子,找到一篇文章,提到mexHttpBinding預設會使用匿名存取,應該是導致前述問題的元凶,解決之道是比照basicHttpBinding也設成Windows驗證。

我評估部署的環境不需提供開發者WCF的Metadata,直接將<endpoint address="mex" ... />切除(其實是想偷懶),錯誤立刻消失,問題排除。


Comments

Be the first to post a comment

Post a comment