客户端和WCF服务之间的身份验证失败
这是一个已经在SO上讨论过几次的问题,但我找不到适合我的问题的解决方案。我有一个WCF服务托管在外部服务器(其他域),我试图从命令行应用程序使用它。我收到以下错误:客户端和WCF服务之间的身份验证失败
The request for security token could not be satisfied because authentication failed.
服务配置web.config文件中:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_IRun">
<security mode="None">
<message clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://www.domain.net"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<behaviors>
<serviceBehaviors>
<behavior name="calculadora.SOA.RunBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="calculadora.SOA.RunBehavior" name="calculadora.SOA.Run">
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" binding="wsHttpBinding" contract="calculadora.SOA.IRun">
<identity>
<dns value="domain.net"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
</system.serviceModel>
在客户端,我创建了一个自定义绑定连接到服务。这里是安全配置:
standardBinding.Security.Mode = SecurityMode.None;
standardBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
standardBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
standardBinding.Security.Transport.Realm = "";
standardBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
standardBinding.Security.Message.NegotiateServiceCredential = false;
standardBinding.Security.Message.EstablishSecurityContext = false;
standardBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default;
我没有使用任何认证安全机制,但仍然,服务似乎在期待一个
。在不同领域工作时,是否必须使用基本认证?
编辑:我没有在我的端点引用任何绑定配置。一旦基准设置,我收到另一个消息错误:
{"The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the
receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract
mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the
receiver. Check that sender and receiver have the same contract and the same binding (including security
requirements, e.g. Message, Transport, None)."}
问题是我客户的结合造成的。当我使用标准的'WSHttpBinding'创建自定义绑定时,'SecurityMode'属性被设置为'消息'而不是'None'。现在代码如下所示,服务终于起作用:
WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.None, false);
CustomBinding myCustomBinding = new CustomBinding(standardBinding);
非常感谢marc_s!
我认为这个问题是您的服务端点定义:
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc"
binding="wsHttpBinding" contract="calculadora.SOA.IRun">
您使用的是标准的wsHttpBinding - 默认为集成的Windows安全性信息的安全性。
当你定义一个绑定配置(称为wsHttpBinding_IRun
),你不引用它在你的端点定义 - 这样就不会发挥作用。您需要将服务端点定义一个bindingConfiguration
属性扩展,像这样:
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc"
binding="wsHttpBinding"
bindingConfiguration="wsHttpBinding_IRun"
contract="calculadora.SOA.IRun">
,以实际使用您定义的绑定配置(包括安全设置)。
我遇到了同样的问题,经过一整天的投入,最后我找出如何解决。关键是将establishSecurityContext =“false”放入消息标记中。
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
在他已经把'establishSecurityContext'变量设置为'false'的问题上。 – 2017-08-14 18:03:39
非常感谢您的时间marc_s!我现在收到一条新的错误消息:“由于EndpointDispatcher中的ContractFilter不匹配,无法在接收方处理带有Action(...)的消息,这可能是因为...”。我已经加倍检查设置,一切似乎都没问题。你有什么想法可能是错的?我会继续寻找。 – jdecuyper 2010-01-29 23:20:15