TIPS-設定WCF使用Windows認證
4 |
原本測試OK的WCF,在取消IIS匿名存取,改用整合式驗證後出現以下錯誤訊息:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
爬了一下文,大致的心得是要在web.config改變安全設定。原本的設定是VS2008建立AJAX enabled WCF時自動產生的:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="WebApiAspNetAjaxBehavior">
<enableWebScript/>
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
<service name="WebApi">
<endpoint address="" behaviorConfiguration="WebApiAspNetAjaxBehavior"
binding="webHttpBinding" contract="WebApi"/>
</service>
</services>
</system.serviceModel>
要修改為:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="WebApiAspNetAjaxBehavior">
<enableWebScript/>
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
<service name="WebApi">
<endpoint address="" behaviorConfiguration="WebApiAspNetAjaxBehavior"
binding="webHttpBinding" contract="WebApi"
bindingConfiguration="NTLMBinding"
/>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="NTLMBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
醬就可以柳~~~ (羞昂風)
Comments
# by Alfred
哈哈,看到羞昂我忍不住大笑 在上班耶,嗯湯啊嗯湯~
# by chunwaitam
我也是用這個方法... 但每當我的js file 呼叫wcf裏的方法時 它每次也會有兩個http request 第一個的回傳是HTTP/1.1 401 Unauthorized 而第二個的回傳是正常 請問大哥有遇到這問題嗎? 如有,請問你知道怎樣解決嗎
# by Jeffrey
to chunwaitam, 第一次IIS傳回401告知Browser需要驗證,第二次Browser送出夾帶身份驗證的Request,這算是正常的HTTP互動過程。
# by chunwaitam
o...thanks jeffrey 其實browse每1.5秒就要呼叫wcf... 請問有沒有方法在第一次呼叫時就把身份驗證夾在request裏? 因為network team 投訴我的application 佔用了很多bandwidth...