与基本身份验证通过使用Windows(NTLM)身份验证的代理访问Web服务
我有一个使用基本身份验证的Web服务。我也有一个使用Web服务的Windows窗体应用程序。当它启动时,系统会要求用户提供凭据,然后再使该服务的任何请求时使用。
I have a web service that uses basic authentication. I also have a Windows Forms application that uses the web service. When it starts up, the user is asked for credentials, which are then used when making any requests to the service.
问题是,应用程序被从企业网络内所使用的客户端。他们所有的互联网流量是通过使用Windows身份验证的代理路由。我试图配置我的应用程序发出请求时,要正确使用代理服务器。
Problem is, the app is used by a client from within a corporate network. All their internet traffic is routed through a proxy that uses Windows authentication. I'm trying to configure my application to correctly use that proxy when making requests.
到目前为止,我已经在我的客户端应用程序的app.config中:
So far I have this in my client application's app.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="mySoap" closeTimeout="00:02:00" openTimeout="00:02:00"
receiveTimeout="00:10:00" sendTimeout="00:02:00" allowCookies="false"
bypassProxyOnLocal="true" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Windows"
realm="myrealm" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.myservice.com/service.asmx"
binding="basicHttpBinding" bindingConfiguration="mySoap"
contract="MyPublicService.mySoap" name="mySoap" />
</client>
</system.serviceModel>
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
你认为这是否可行呢?我不能轻易地对其进行测试。该应用程序和服务已经过测试,没有代理,他们工作得很好,我只需要正确配置代理服务器。
Do you think that's going to work? I can't easily test it. The app and service have been tested without the proxy and they work just fine, I just need to configure the proxy correctly.
理论上,该配置将确保所有请求使用默认代理,它使用Windows验证。它会使用默认的凭据,这将是建立在自己的Windows设置。然后它会使用用户提供的凭据对Web服务进行基本的身份验证。
Theoretically, this configuration would make sure that all requests use the default proxy, which uses Windows authentication. It would use the default credentials, which would be set up in their Windows settings. And then it would use the user-provided credentials to perform basic authentication on the web service.
更新
客户端尝试了这一点,并得到了一个400错误回:
The client tried this and got a 400 error back:
System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (400) Bad Request. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
它工作正常,当我从我的机器上尝试没有代理。知道为什么吗?
It works fine when I try from my machine without the proxy. Any idea why?
400错误是不相关的问题。授权与NTLM代理似乎与此配置工作。
The 400 error is not related to the issue. Authorisation with the NTLM proxy seems to be working with this config.
更新:
我改变了服务器的安全配置,以接受文摘为好。然后有设置用户名和密码时,使在code小的变化,并开始工作。貌似结合有问题的基本身份验证。
I changed the server's security configuration to accept Digest as well. Then had to make small changes in the code when setting user name and password, and it started working. Looks like the binding had issues with Basic authentication.