如何使用TransportClientCredentialsOnly安全模式的WCF Rest服务

我花了一天时间研究如何使用TransactionCredentialOnly安全模式的wcf rest服务，客户端类型和代理类型为Windows

但我错过了一些我不知道的事情。

服务主机和调用代码在同一台机器上（当然，我正在调试）这是响应Unauthorized。我原以为这是一种成功的状态，但事实并非如此。

StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  X-SourceFiles: =?UTF-8?B?QzpcU2ltdWxhdG9yXEJyb2tlcmFnZUZpcm1cUHJvZmlsZVNlcnZpY2Uuc3ZjXGdyb3Vwcw==?=
  Cache-Control: private
  Server: Microsoft-IIS/8.0
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM
  X-Powered-By: ASP.NET
  Date: Wed, 08 Oct 2014 09:41:53 GMT
  Content-Length: 6088
  Content-Type: text/html; charset=utf-8
}

我有一个WCF Rest服务，方法是：

[ServiceContract]
public class IProfileService
{
    [OperationContract]
    [WebGet(UriTemplate = "groups")]
    IList<Group> ListGroups();
}

Web.config

<webHttpBinding>
    <binding name="WebHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="DefaultBehavior" name="MyNamespace.ProfileService">
    <endpoint address="mex" binding="mexHttpBinding" name="" contract="IMetadataExchange" />
    <endpoint behaviorConfiguration="RestFulBehavior" binding="webHttpBinding" bindingConfiguration="WebHttpBinding" name="ProfileServiceRestEndpoint" bindingName="ProfileServiceRestBinding" contract="MyNamespace.IProfileService" />
  </service>

<behaviors>
  <endpointBehaviors>
    <behavior name="RestFulBehavior">
      <webHttp automaticFormatSelectionEnabled="true" />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="DefaultBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceAuthorization principalPermissionMode="None" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

控制台应用程序：

class Program
{
    static void Main(string[] args)
    {
        using (var client = new HttpClient())
        {
            HttpResponseMessage response = client.GetAsync("http://localhost:3522/ProfileService.svc/groups").Result;
            Console.WriteLine(response);
            Console.ReadLine();
        }
    }
}

WCF项目的IIS配置

Always Start When Debugging: True
Anonymous Authentication: Enabled
Managed Pipeline Mode: Intergrated
SSL Enabled: True
SSL URL: localhost:44300
URL: localhost:3522
Windows Authentication: Enabled