Situation: the WCF service can be browsed normally in a browser, but calling it from a program fails with:
HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.
Detailed error message:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
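Solution (using anonymous access):
1. Check that the authentication mode of the running service matches the mode configured for WCF in the config file. For example: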
<binding name="BasicHttpBinding_Service"
         closeTimeout="00:00:30" openTimeout="00:01:00"
         receiveTimeout="00:10:00" sendTimeout="00:10:00"
         bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
         maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
         useDefaultWebProxy="true" messageEncoding="Text" textEncoding="utf-8"
         transferMode="Buffered" allowCookies="false">
  <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
                maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                maxNameTableCharCount="2147483647" />
  <security mode="None">
    <transport clientCredentialType="None" />
    <message clientCredentialType="UserName"/>
  </security>
</binding>
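Here the security mode is None, so check whether [Anonymous access] is enabled in the IIS authentication settings for this service.
2. Under [My Computer] - right-click - [Manage] - [Local Users and Groups] - [Users], confirm that the user configured for anonymous access in IIS exists.
XP: the default is a user name. Default user name format: IUSR_<computer name>. If that user does not exist, add it. Make sure the user is not disabled.
Win7: the default is a user type. The default user type is: IUSR
The above is the fix that actually worked for me.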
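Step 1 compares what the server demands with what the client binding sends. As an added example (not part of the original post), this C# helper sends one request without credentials and reports the `WWW-Authenticate` schemes IIS returns and the matching `clientCredentialType`. The class name, method names and the URL passed on the command line are assumptions.

```csharp
using System;
using System.Linq;
using System.Net;

public static class AuthSchemeProbe
{
    // Sends one request with no credentials (what clientCredentialType="None" does)
    // and returns the WWW-Authenticate values from the 401 response.
    // An empty array means the server allowed anonymous access.
    public static string[] GetOfferedSchemes(string serviceUrl)
    {
        var request = (HttpWebRequest)WebRequest.Create(serviceUrl);
        request.UseDefaultCredentials = false;
        request.Credentials = null;
        request.AllowAutoRedirect = false;
        try
        {
            using (request.GetResponse()) { return new string[0]; }
        }
        catch (WebException ex)
        {
            using (var response = ex.Response as HttpWebResponse)
            {
                // Anything other than a 401 is a different problem: rethrow it.
                if (response == null || response.StatusCode != HttpStatusCode.Unauthorized)
                    throw;
                return response.Headers.GetValues("WWW-Authenticate") ?? new string[0];
            }
        }
    }

    // Maps the offered schemes to the <transport clientCredentialType="..."> value.
    public static string SuggestClientCredentialType(string[] schemes)
    {
        if (schemes.Length == 0) return "None";
        var names = schemes.SelectMany(s => s.Split(',')).Select(s => s.Trim()).ToArray();
        Func<string, bool> offered = name =>
            names.Any(n => n.StartsWith(name, StringComparison.OrdinalIgnoreCase));
        if (offered("Negotiate")) return "Windows";
        if (offered("NTLM")) return "Ntlm";
        if (offered("Digest")) return "Digest";
        if (offered("Basic")) return "Basic";
        return "unknown";
    }

    public static void Main(string[] args)
    {
        string[] schemes = GetOfferedSchemes(args[0]); // assumption: service URL as first argument
        Console.WriteLine("Server offers: " + (schemes.Length == 0 ? "(anonymous allowed)" : string.Join(", ", schemes)));
        Console.WriteLine("clientCredentialType: " + SuggestClientCredentialType(schemes));
    }
}
```

For any result other than None, the binding also needs security mode TransportCredentialOnly (HTTP) or Transport (HTTPS), as in the configurations on this page.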
Below are other solutions found online:
When using VS2008 as a client to call a SharePoint service (WCF), the following exception appears:
HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'.
My solution:
1. For the HTTP endpoint, use:
<security mode="TransportCredentialOnly">
2. For the HTTPS endpoint, use:
<security mode="Transport">
The client-side app.config is pasted below:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_BusinessDataCatalogSharedService"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 allowCookies="false" bypassProxyOnLocal="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferSize="999999" maxBufferPoolSize="9999999"
                 maxReceivedMessageSize="999999" messageEncoding="Mtom"
                 textEncoding="utf-8" transferMode="Buffered"
                 useDefaultWebProxy="true">
          <readerQuotas maxDepth="99" maxStringContentLength="999999"
                        maxArrayLength="999999" maxBytesPerRead="999999"
                        maxNameTableCharCount="999999" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="">
              <extendedProtectionPolicy policyEnforcement="Never" />
            </transport>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
        <binding name="BasicHttpBinding_BusinessDataCatalogSharedService1"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 allowCookies="false" bypassProxyOnLocal="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferSize="999999" maxBufferPoolSize="9999999"
                 maxReceivedMessageSize="999999" messageEncoding="Mtom"
                 textEncoding="utf-8" transferMode="Buffered"
                 useDefaultWebProxy="true">
          <readerQuotas maxDepth="99" maxStringContentLength="999999"
                        maxArrayLength="999999" maxBytesPerRead="999999"
                        maxNameTableCharCount="999999" />
          <security mode="Transport">
            <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="">
              <!--<extendedProtectionPolicy policyEnforcement="Never" />-->
            </transport>
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://SUT02/_vti_bin/BdcAdminService.svc"
                binding="basicHttpBinding"
                bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService"
                contract="BusinessDataCatalogSharedService"
                name="BasicHttpBinding_BusinessDataCatalogSharedService" />
      <endpoint address="https://SUT02:443/_vti_bin/BdcAdminService.svc"
                binding="basicHttpBinding"
                bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService1"
                contract="BusinessDataCatalogSharedService"
                name="BasicHttpBinding_BusinessDataCatalogSharedService1" />
    </client>
  </system.serviceModel>
</configuration>
The client code is as follows:
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        // BusinessDataCatalogSharedServiceClient is the proxy class generated from the service reference.
        // The endpoint name selects the HTTPS endpoint from app.config.
        BusinessDataCatalogSharedServiceClient client = new BusinessDataCatalogSharedServiceClient("BasicHttpBinding_BusinessDataCatalogSharedService1");
        client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        client.ClientCredentials.UserName.UserName = @"domain\userName";
        client.ClientCredentials.UserName.Password = "Password";
        client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "Password", "domain");
        AcceptAllCertificate();
        try
        {
            Guid guid = client.GetServiceApplicationId();
        }
        catch (Exception)
        {
            throw;
        }
    }

    /// <summary>
    /// When the request URL uses an HTTPS or TCP prefix, call this function to avoid the base connection being closed.
    /// The local client accepts all certificates after this function has executed.
    /// </summary>
    public static void AcceptAllCertificate()
    {
        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    }

    /// <summary>
    /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
    /// In our adapter, this method always returns true, so the client can communicate with the server over HTTPS without a valid certificate.
    /// </summary>
    /// <param name="sender">An object that contains state information for this validation.</param>
    /// <param name="certificate">The certificate used to authenticate the remote party.</param>
    /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
    /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
    /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
    private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}
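AcceptAllCertificate above switches off server certificate checking for every HTTPS connection in the process, so the client authenticates to whichever server answers. As an added example (not from the original post), the callback below keeps normal validation and makes an exception only for one pinned test certificate. The host name SUT02 is taken from the config above; the thumbprint is a placeholder and the class and method names are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidation
{
    // Host from the endpoint address in app.config.
    private const string PinnedHost = "SUT02";
    // Placeholder: replace with the SHA-1 thumbprint (hex, no spaces) of the test server's certificate.
    private const string PinnedThumbprint = "<SHA1-THUMBPRINT-PLACEHOLDER>";

    // Call once at startup instead of AcceptAllCertificate().
    // The callback is process-wide: it applies to every HTTPS request made through ServicePointManager.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    private static bool Validate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that passes chain and host name validation is accepted as usual.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: never acceptable.
        if (certificate == null ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // The exception applies to the test host only. The sender is either the
        // HttpWebRequest being validated or the host name as a string.
        var request = sender as HttpWebRequest;
        string host = request != null ? request.RequestUri.Host : sender as string;
        if (!string.Equals(host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact certificate that was pinned, not any untrusted one.
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
            StringComparison.OrdinalIgnoreCase);
    }
}
```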
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
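Solution
1 Configure IIS
Web site -> Properties -> Directory Security -> Authentication Methods: select both "Anonymous access" and "Integrated Windows authentication"
2 Configure the WCF client's config file. Three places are involved: 1) security mode, 2) the endpoint's behaviorConfiguration, 3) behaviors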
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding …>
        <readerQuotas … />
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <endpoint ... behaviorConfiguration="ImpersonationBehavior"/>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ImpersonationBehavior">
        <clientCredentials>
          <windows allowedImpersonationLevel="Impersonation"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>