Tridion 2011核心服务：在SSO环境中无法连接

Question

Tridion 2011核心服务：在SSO环境中无法连接

c#wcfweb-serviceswcf-bindingtridion

11

当我尝试连接核心服务时，出现以下错误：

HTTP请求被拒绝，客户端身份验证方案为“Anonymous”

Tridion环境配置有来自SiteMinder的SSO。

这是我的代码：

public static ICoreService2010 GetTridionClient()
{
    var binding = new BasicHttpBinding()
    {
        Name = "BasicHttpBinding_TridionCoreService",
        CloseTimeout = new TimeSpan(0, 1, 0),
        OpenTimeout = new TimeSpan(0, 1, 0),
        ReceiveTimeout = new TimeSpan(0, 10, 0),
        SendTimeout = new TimeSpan(0, 1, 0),
        AllowCookies = false,
        BypassProxyOnLocal = false,
        HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
        MaxBufferSize = 4194304, // 4MB
        MaxBufferPoolSize = 4194304,
        MaxReceivedMessageSize = 4194304,
        MessageEncoding = WSMessageEncoding.Text,
        TextEncoding = System.Text.Encoding.UTF8,
        TransferMode = TransferMode.Buffered,
        UseDefaultWebProxy = true,
        ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        {
            MaxDepth = 32,
            MaxStringContentLength = 4194304, // 4MB
            MaxArrayLength = 4194304,
            MaxBytesPerRead = 4194304,
            MaxNameTableCharCount = 16384
        },
        Security = new BasicHttpSecurity()
        {
            Mode = BasicHttpSecurityMode.TransportCredentialOnly,
            Transport = new HttpTransportSecurity()
            {
                ClientCredentialType = HttpClientCredentialType.None,
            },
            Message = new BasicHttpMessageSecurity()
            {
                ClientCredentialType = BasicHttpMessageCredentialType.UserName
            }
        }
    };

    string hostname = ConfigurationManager.AppSettings["TridionUrl"];
    string username = ConfigurationManager.AppSettings["TridionUsername"];

    hostname = string.Format("{0}{1}{2}", 
                              hostname.StartsWith("http") ? "" : "http://",
                              hostname, 
                              hostname.EndsWith("/") ? "" : "/");
    var endpoint = new EndpointAddress(hostname +
                              "/webservices/CoreService.svc/basicHttp_2010");
    var factory = new ChannelFactory<ICoreService2010>(binding, endpoint);
    factory.Credentials.UserName.UserName = username;

    return factory.CreateChannel();
}

有没有人有使用除Windows之外的身份验证类型与Core Service互动的经验？

更新：

现在我收到以下错误：

The HTTP request was forbidden with client authentication scheme 'Basic'.

/webservices/web.config中的bindings应该使用哪种clientCredentialType?

当我取消注释/webservices/web.config中的SsoAgentHttpModule时，我们会在webservice上收到500个错误，因此SDL告诉我们将其注释掉。

我理解这个模块是CoreService使用身份验证方案"Basic"进行身份验证所必需的吗？

- user590557

您不需要在/webservices/web.config中取消注释SsoAgentHttpModule，因为您已经在根配置文件中取消了注释，并且它已经传递到整个网站。您确定您连接到正确的SSO URL了吗？ - Andrey Marchuk

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Andrey Marchuk · Accepted Answer

你的代码有两个问题：

You have set authentiction to anonymous on the server and assumed that same should be set on the client, but it's not the case. You have also enabled LDAP SSO module on the server that kicks in as soon as you turn the anonymous authentication on. On the client side it will look like plain basic authentication, so you client security code should be like this:
```
Security = new BasicHttpSecurity() 
    { 
        Mode = BasicHttpSecurityMode.TransportCredentialOnly, 
        Transport = new HttpTransportSecurity() 
        { 
            ClientCredentialType = HttpClientCredentialType.Basic, 
        }
    } 
```

You have set username, but not password, so:

factory.Credentials.UserName.UserName = username;
factory.Credentials.UserName.Password = password;

另外，请记住，在设置用户时，您可能需要指定用户名称限定符（默认情况下为SSO），例如SSO\ user。

这应该会让您更近一步，如果您仍然有问题，请在问题中更新最新的异常信息。