消息包含无效或过期的安全上下文令牌,或者因为绑定之间不匹配
本文关键字:或者 因为 绑定 不匹配 之间 令牌 上下文 无效 包含 过期 安全 | 更新日期: 2023-09-27 18:19:59
我有一个使用web.config的wcf服务的示例web应用程序具有
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="TheBindingConfig">
<security mode="None" >
<transport clientCredentialType="None" />
<message establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/myservice/Service.svc"
binding="wsHttpBinding" bindingConfiguration="TheBindingConfig"
contract="myservice.IService" name="WSHttpBinding_IService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
wcf业务配置文件如下
<system.serviceModel>
<services>
<service name="myservice.Service" behaviorConfiguration="ServiceBehavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="myservice.IService">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
注意服务是用名称空间"myservice"创建的
我是作为的错误响应
The message could not be processed. This is most likely because the action 'http://tempuri.org/IService/GetUserDetails' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
和堆栈跟踪作为
[FaultException: The message could not be processed. This is most likely because the action 'http://tempuri.org/IService/GetUserDetails' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +9439503
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +345
sampleuserservice.IService.GetUserDetails(String Username) +0
sampleuserservice._Default.BindUserDetails() +57
sampleuserservice._Default.Page_Load(Object sender, EventArgs e) +90
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +91
System.Web.UI.Control.LoadRecursive() +74
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207
注意:服务按预期正常运行
我想上面的网络配置文件之间存在映射问题
等待您的宝贵回应和建议
如果任何类型的客户端(.net、soapui)都可以使用该服务,则发布工作的soap请求(headers+body)和不工作的请求。您可以使用fiddler或wcf日志来获取消息。如果服务根本不令人惊叹,那么我的猜测是,这是因为客户端被配置为根本不使用安全性(安全模式="none"),而服务器没有绑定配置,所以使用了默认值,并且默认值具有一些安全性。