WCF Windows身份验证,可以在本地调试,但不能在服务器上运行

WCF Windows Authentication, local debug ok but not work on server
2021-03-07
  •  译文(汉语)
  •  原文(英语)

在我的服务器上,运行IIS 7中托管的Windows身份验证WCF应用程序:

IIS配置:Windows身份验证:已禁用;匿名:已启用

<system.serviceModel>
    <services>
        <service name="Services.AccountService" behaviorConfiguration="MyServiceTypeBehaviors">
        <endpoint address="" binding="ws2007HttpBinding" bindingConfiguration="AccountServiceBinding"
        contract="Contracts.IAccountService" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyServiceTypeBehaviors" >
        <!--<serviceDebug includeExceptionDetailInFaults="true"/>-->
                <serviceMetadata  httpGetEnabled="true" httpGetUrl="" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <ws2007HttpBinding>
            <binding name="AccountServiceBinding" >
                <security mode="Message">
                    <message clientCredentialType="Windows" />
                </security>
            </binding>
        </ws2007HttpBinding>
    </bindings>
</system.serviceModel>

然后使用以下代码创建一个MVC4应用程序以调用WCF服务:

WS2007HttpBinding myBinding = new WS2007HttpBinding(); 
myBinding.Security.Mode = SecurityMode.Message;
EndpointAddress endpoint = new EndpointAddress("http://server/accountservice.svc");

AccountServiceClient _client = new AccountServicesObjects.AccountServiceClient(myBinding, endpoint);
_client.ClientCredentials.Windows.ClientCredential.UserName = "username";
_client.ClientCredentials.Windows.ClientCredential.Password = "password";

var user = _client.GetUserInformation(); // works fine

完成此mvc4应用程序后,将这个网站部署到运行WCF的同一台服务器上,当我登录时,发生以下情况:

System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. 
System.ServiceModel.FaultException:The request for security token could not be satisfied because authentication failed. 
on System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
on System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

这是怎么发生的?

速聊1:
为什么在IIS上禁用Windows身份验证?
解决过程1

您的服务似乎根本没有启动.如果启用跟踪,则可以找到异常.配置中存在错误-您没有基址,但已将HttpGetUrl设置为true(为此,必须设置基址)

这应该为您工作:

<service name="Services.AccountService" behaviorConfiguration="MyServiceTypeBehaviors">
    <endpoint address="accountservice.svc" binding="ws2007HttpBinding" 
        bindingConfiguration="AccountServiceBinding"
        contract="Services.IAccountService" />
    <host>
          <baseAddresses>
                 <add baseAddress="http://localhost:8000/"/>
          </baseAddresses>
    </host>
</service>

On my Server, running a Windows Authentication WCF application hosted in IIS 7:

IIS Config: Windows Auth : disabled; anonymous: enabled

<system.serviceModel>
    <services>
        <service name="Services.AccountService" behaviorConfiguration="MyServiceTypeBehaviors">
        <endpoint address="" binding="ws2007HttpBinding" bindingConfiguration="AccountServiceBinding"
        contract="Contracts.IAccountService" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyServiceTypeBehaviors" >
        <!--<serviceDebug includeExceptionDetailInFaults="true"/>-->
                <serviceMetadata  httpGetEnabled="true" httpGetUrl="" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <ws2007HttpBinding>
            <binding name="AccountServiceBinding" >
                <security mode="Message">
                    <message clientCredentialType="Windows" />
                </security>
            </binding>
        </ws2007HttpBinding>
    </bindings>
</system.serviceModel>

and then I create a MVC4 Application with following code to call WCF service:

WS2007HttpBinding myBinding = new WS2007HttpBinding(); 
myBinding.Security.Mode = SecurityMode.Message;
EndpointAddress endpoint = new EndpointAddress("http://server/accountservice.svc");

AccountServiceClient _client = new AccountServicesObjects.AccountServiceClient(myBinding, endpoint);
_client.ClientCredentials.Windows.ClientCredential.UserName = "username";
_client.ClientCredentials.Windows.ClientCredential.Password = "password";

var user = _client.GetUserInformation(); // works fine

After I finished this mvc4 application, I deploy this website to the Same server which is running WCF one, when I login, occurs:

System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. 
System.ServiceModel.FaultException:The request for security token could not be satisfied because authentication failed. 
on System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
on System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

how this happend?

Talk1:
Why did you disable windows authentication on IIS?
Solutions1

It seems your service hasn't been started at all. If you enable tracing you can find an exception. There is an error in your configuration - you have no base address, but you have set HttpGetUrl to true (for that option you have to set base address)

This should work for you:

<service name="Services.AccountService" behaviorConfiguration="MyServiceTypeBehaviors">
    <endpoint address="accountservice.svc" binding="ws2007HttpBinding" 
        bindingConfiguration="AccountServiceBinding"
        contract="Services.IAccountService" />
    <host>
          <baseAddresses>
                 <add baseAddress="http://localhost:8000/"/>
          </baseAddresses>
    </host>
</service>
转载于:https://stackoverflow.com/questions/23028301/wcf-windows-authentication-local-debug-ok-but-not-work-on-server

本人是.net程序员,因为英语不行,使用工具翻译,希望对有需要的人有所帮助
如果本文质量不好,还请谅解,毕竟这些操作还是比较费时的,英语较好的可以看原文

留言回复
我们只提供高质量资源,素材,源码,坚持 下了就能用 原则,让客户花了钱觉得值
上班时间 : 周一至周五9:00-17:30 期待您的加入