This specific claims-authenticated environment happens to be SharePoint. SharePoint has its own http modules which enforce the claims authentication. Unauthenticated access will result in a set of options for claims based authentication (such as Ntlm and forms).
A WCF service client obviously has no idea what to do with the 403-message SharePoint returns. Ideally it would do the Ntlm auth sequence against the url 开发者_Python百科"/_windows", which will yield a 401 challenge, then pass the resulting federation cookies to the WCF service.
This can't be the best practice way of dealing with multiple-auth-option Claims based services, but I'm unable to dig up any good resources on the subject. Is the basicHttpBinding futile? What are my options at this point?
If you are using claims with sharepoint you should use Windows Identity Foundation (WIF). See: http://www.microsoftpdc.com/2009/SVC26
You should be using Kerberos in this scenario and the ws2007FederationHttpBinding binding.
http://msdn.microsoft.com/en-us/library/bb675190.aspx
精彩评论