我正在调用如下Web服务(名为SecurityService):
SecurityService.Service securityService = new SecurityService.Service();
securityService.Credentials = networkCredential;
return securityService.GetUserToken();
该服务已启用Windows身份验证,仅此一项。 上面的这段代码可以在远程计算机上运行。
当我将相同的代码推送到运行此服务的IIS服务器时,出现401错误:
The request failed with HTTP status 401: Unauthorized.
我用WCF尝试了同一段代码:
ServiceSoapClient client = new ServiceSoapClient();
client.ClientCredentials.Windows.ClientCredential = networkCredential;
return client.GetUserToken();
具有以下设置:
<binding name="ServiceSoap">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
</security>
</binding>
同样,在服务器上,我无法从连接到该服务器的另一台机器上进行身份验证。
以下是通过Web服务进行高级日志记录捕获的标头:
工作时:
sc-win32-status WWW-Authenticate Authorization
2147024891 "NTLM,Negotiate" -
0 - "Negotiate TlRMTVNTUAADAAAAGAAYAIoAAACi...."
失败时,从同一服务器内调用:
sc-win32-status WWW-Authenticate Authorization
2147024891 "NTLM,Negotiate" -
1073741715 "NTLM,Negotiate" "Negotiate ADAAAAGAAYAI4AAACiAaIBpgAAABoAGgBY..."
使用WCF时,我也收到此消息,而不是普通的401错误:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM,Negotiate'. ---> The remote server returned an error: (401) Unauthorized.
错误1073741715的解释:
STATUS_LOGON_FAILURE (-1073741715 (0xC000006D))
The attempted logon is not valid. This is due to either an incorrect user name or incorrect authentication information.
从服务器内部运行时,我的代码以某种方式无法正确验证Web服务。
这里是指向同一问题的链接。答案并不适用:
401 Client 'Negotiate', Server 'Negotiate,NTLM' When Calling WCF Server to Server
答案 0 :(得分:0)
您需要向与IIS应用程序相关的IIS Web应用程序或IIS应用程序池提供用户凭据。
为此
...按钮还请确保该应用程序不使用自定义用户。或者,单击IIS App,然后从右窗格中单击高级设置。之后,修改物理路径凭据和物理页凭据登录类型