的SharePoint Web服务 - HTTP请求是未经授权的客户端身份验证方案“NTLM”。从服务器接收的身份验证标头是'NTLM“求是、身份验证、未经授权、客户端
我知道有很多的SO与此类似的问题,但我无法找到一个为这个特殊的问题。
I know there's a lot of questions on SO similar to this, but I couldn't find one for this particular issue.
这几点,第一:
在我的无法控制在我们的SharePoint服务器。我不能调整任何IIS设置。 我相信我们的IIS服务器版本的IIS 7.0。 在我们的SharePoint服务器通过NTLM预期的要求。 在我们的SharePoint服务器是同一个域作为我的客户端计算机。 在我使用的.NET Framework 3.5,Visual Studio 2008中 I have no control over our Sharepoint server. I cannot tweak any IIS settings. I believe our IIS server version is IIS 7.0. Our Sharepoint Server is anticipating requests via NTLM. Our Sharepoint Server is on the same domain as my client computer. I am using .NET Framework 3.5, Visual Studio 2008我试图写一个简单的控制台应用程序使用SharePoint Web Services来处理SharePoint数据。我已经添加了服务引用了,下面是我的app.config:
I am trying to write a simple console app to manipulate Sharepoint data using Sharepoint Web Services. I have added the Service Reference, and the following is my app.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://subdomain.companysite.com/subsite/_vti_bin/Lists.asmx"
binding="basicHttpBinding" bindingConfiguration="ListsSoap"
contract="ServiceReference1.ListsSoap" name="ListsSoap" />
</client>
</system.serviceModel>
这是我的code:
static void Main(string[] args)
{
using (var client = new ListsSoapClient())
{
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain");
client.GetListCollection();
}
}
当我打电话GetListCollection(),下面的 MessageSecurityException 被抛出:
When I call GetListCollection(), the following MessageSecurityException gets thrown:
The HTTP request is unauthorized with client authentication scheme 'Ntlm'.
The authentication header received from the server was 'NTLM'.
使用内WebException:
With an inner WebException:
"The remote server returned an error: (401) Unauthorized."
我已经试过各种绑定和各种code微调,以试图正确地认证,但无济于事。我将列出那些下面。
I've tried various bindings and various code tweaks to try to authenticate properly, but to no avail. I'll list those below.
使用本机Win32冒领创建客户端之前
using (new Impersonator.Impersonator("username", "password", "domain"))
using (var client = new ListsSoapClient())
{
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("dpincas", "password", "domain");
client.GetListCollection();
}
本公司生产的同样的错误信息。
This produced the same error message.
设置TokenImpersonationLevel为我的客户证书
using (var client = new ListsSoapClient())
{
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
client.GetListCollection();
}
本公司生产的同样的错误信息。
This produced the same error message.
使用安全模式= TransportCredentialOnly
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
这导致了不同的错误信息:
This resulted in a different error message:
The provided URI scheme 'https' is invalid; expected 'http'.
Parameter name: via
不过,我需要使用HTTPS,所以我不能改变我的URI方案。
However, I need to use https, so I cannot change my URI scheme.
我已经尝试了一些其他的组合,我不记得,但我会后他们当我这样做。我真的在束手无策这里。我看到了很多关于谷歌的链接,说切换到Kerberos的,但我的服务器似乎只接受NTLM,而不是谈判(因为它会说,如果有人找Kerberos的),所以这是不幸的是没有一个选项
I've tried some other combinations that I can't remember, but I'll post them when I do. I'm really at wits end here. I see a lot of links on Google that say "switch to Kerberos", but my server seems to only be accepting NTLM, not "Negotiate" (as it would say if it was looking for Kerberos), so that is unfortunately not an option.
任何帮助那里,人?
推荐答案
大量的试验和错误后,随后停滞期,而我等待发言的机会与我们的服务器的家伙,我终于有机会来讨论与他们的问题,并问他们,如果他们不介意交换我们的SharePoint身份验证交给Kerberos的。
After a lot of trial and error, followed by a stagnant period while I waited for an opportunity to speak with our server guys, I finally had a chance to discuss the problem with them and asked them if they wouldn't mind switching our Sharepoint authentication over to Kerberos.
要出乎我的意料,他们说,这不会是一个问题,实际上很容易做到。 他们启用的Kerberos ,然后我修改我的app.config如下:
To my surprise, they said this wouldn't be a problem and was in fact easy to do. They enabled Kerberos and I modified my app.config as follows:
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
作为参考,在我的app.config我的全serviceModel项看起来是这样的:
For reference, my full serviceModel entry in my app.config looks like this:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TestServerReference" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="2000000" maxBufferPoolSize="2000000" maxReceivedMessageSize="2000000"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://path/to/site/_vti_bin/Lists.asmx"
binding="basicHttpBinding" bindingConfiguration="TestServerReference"
contract="TestServerReference.ListsSoap" name="TestServerReference" />
</client>
</system.serviceModel>
在这之后,一切工作就像一个魅力。我现在(终于!)采用的SharePoint Web服务。因此,如果任何人在那里无法得到他们的SharePoint Web服务使用NTLM工作,看看你是否能说服系统管理员切换到Kerberos的。
After this, everything worked like a charm. I can now (finally!) utilize Sharepoint Web Services. So, if anyone else out there can't get their Sharepoint Web Services to work with NTLM, see if you can convince the sysadmins to switch over to Kerberos.
