服务器已拒绝客户端凭据WCF作为Windows服务
本文关键字:WCF 作为 Windows 服务 拒绝 客户端 服务器 | 更新日期: 2023-09-27 18:19:45
我可以使用Win表单应用程序连接到我的WCF服务,但我无法使用windows服务。每当我向代理启动open()时,它就会抛出以下错误
服务器已拒绝客户端凭据
内部异常:System.Security.Authentication.InvalidCredentialException:服务器已拒绝客户端凭据
--->System.ComponentModel.Win32异常:登录尝试失败
---内部异常堆栈跟踪结束---
在System.Net.Security.NegoState.ProcessAuthentication(LazySyncResultlazyResult)
位于System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential凭据,ChannelBinding绑定,字符串targetName,保护级别requiredProtectionLevel,TokenImpersonationLevelallowedImpersonationLevel)
位于System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential凭据,字符串targetName,保护级别requiredProtectionLevel,TokenImpersonationLevelallowedImpersonationLevel)
位于System.ServiceModel.Channels.FindowsStreamSecurityUpgradeProvider.WindowsStreatSecurityUpgradeInitiator.OnInitiateUpgrade(流流,SecurityMessageProperty&remoteSecurity)
尝试搜索解决方案,但没有一个符合我的要求,因此发布。
请帮忙。。。
更新1:
@A.R.,尝试使用
client.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
但无济于事。
更新2:
WCF服务配置
<system.serviceModel>
<diagnostics performanceCounters="All" />
<bindings>
<netTcpBinding>
<binding name="myBindingForLargeData" maxReceivedMessageSize="5242880" maxConnections="10">
<readerQuotas maxDepth="64" maxStringContentLength="5242880" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFService.ServiceBehavior"
name="WCFService.CollectorService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="myBindingForLargeData"
name="netTcpEndPoint" contract="WCFService.ICollectorService" />
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
name="mexTcpEndPoint" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8010/WCFService.CollectorService/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFService.ServiceBehavior">
<serviceMetadata httpGetEnabled="False"/>
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceThrottling
maxConcurrentCalls="32"
maxConcurrentSessions="32"
maxConcurrentInstances="32"
/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
感谢您的帮助。经过几天的研究和试错方法,我得到了答案:)我知道我迟了发布答案,但我认为迟发总比不发好。
这是的解决方案
我不得不对我的配置文件(包括客户端和服务器)进行一些更改
在客户端,我添加了<security>
标签,如下所示
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcpEndPoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="5242880" maxBufferSize="5242880" maxConnections="15" maxReceivedMessageSize="5242880">
<readerQuotas maxDepth="32" maxStringContentLength="5242880" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://xx.xx.xx.xx:8010/WCFService.CollectorService/" binding="netTcpBinding" bindingConfiguration="netTcpEndPoint" contract="CloudAdapter.CloudCollectorService.ICollectorService" name="netTcpEndPoint">
</endpoint>
</client>
</system.serviceModel>
并且还在服务器端添加了相同的标签(WCF服务配置),如下所示
<bindings>
<netTcpBinding>
<binding name="myBindingForLargeData" maxReceivedMessageSize="5242880" maxConnections="10">
<readerQuotas maxDepth="64" maxStringContentLength="5242880" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
希望这能帮助到有需要的人:)
因此,KEY是使客户端和服务器配置文件上的<security>
标签相同。
基本上,您的调用服务没有适当的凭据,就像从WinForms调用时一样。你需要的是一些模仿。这需要一些设置,有点烦人,但它会起作用的。
幸运的是MSDN有一个不错的小演练
http://msdn.microsoft.com/en-us/library/ms731090.aspx
这里有一些关于该主题的更一般的信息:
http://msdn.microsoft.com/en-us/library/ms730088.aspx
更新:
仅设置模拟标志是不够的。您必须实际模拟凭据才能使其工作。例如:
// Let's assume that this code is run inside of the calling service.
var winIdentity = ServiceSecurityContext.Current.WindowsIdentity;
using (var impContext = winIdentity.Impersonate())
{
// So this would be the service call that is failing otherwise.
return MyService.MyServiceCall();
}
看看我在这篇文章中的回答服务器拒绝了客户端凭据。
注意安全节点
<bindings>
<netTcpBinding>
<binding name="customTcpBinding" maxReceivedMessageSize="20480000" transferMode="Streamed" >
<security mode="None"></security>
</binding>
</netTcpBinding>
</bindings>
您在WCF服务上使用的身份验证模式是什么?似乎winform应用程序正在运行并提供正确的凭据,而您的windows服务没有以指定的权限运行,或者传递的凭据无效。当您使用winforms与Windwos服务时,请尝试使用Fiddler检查您的请求,并查看差异。
对我来说,在双方(客户端+服务器)都将安全模式设置为None:有帮助
NetTcpBinding绑定=新的NetTcpBinding();结合Security.Mode=SecurityMode.None;
(答案与spinner_den_g相同,但在C#中-无需编辑app.config)