当前位置: 文江博客话题详情

为什么 IpcChannel 告诉我“无法打开匿名级别安全令牌?”

发布于 2024-07-19 07:19:04 字数 1368 浏览 4 评论 0原文

我有一个非常简单的客户端-服务器应用程序,我用它来分隔两个不能在同一进程中共存的组件。 当开发它们时(服务器是一个exe,客户端是一个库),我所有的单元测试都像粪肥里的猪一样快乐。 当我继续在其他地方重用该库时,出现以下异常:

System.Runtime.Remoting.RemotingException: An error occurred while processing the request on the server: System.Security.SecurityException: Cannot open an anonymous level security token.

   at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)
   at System.Security.Principal.WindowsIdentity.GetCurrent()
   at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)
The Zone of the assembly that failed was:
MyComputer.

为了简单起见,我已在代码中设置了双方的远程处理,而不是配置文件。 它们实际上是相同的:

BinaryClientFormatterSinkProvider client = new BinaryClientFormatterSinkProvider();
BinaryServerFormatterSinkProvider server = new BinaryServerFormatterSinkProvider();
server.TypeFilterLevel = TypeFilterLevel.Full;

Hashtable config = new Hashtable();
config["name"] = "SomeName";
config["portName"] = "SomePortName";

config["typeFilterLevel"] = "Full";
config["impersonate"] = "true";
config["tokenImpersonationLevel"] = "Impersonation";
config["useDefaultCredentials"] = "True";
config["secure"] = "True";

Channel = new IpcChannel(config, client, server);

所以问题是:为什么远程框架要在启用模拟时创建匿名令牌? 我已经完全没有地方可以寻找这方面的答案了。

原文

I have a pretty simple client-server app that I am using to separate two components that can't live together in the same process. When developing them (the server is an exe, the client is a library), all my unit tests are happy as pigs in manure. When I move on to re-using the library elsewhere, I get the following exception:

System.Runtime.Remoting.RemotingException: An error occurred while processing the request on the server: System.Security.SecurityException: Cannot open an anonymous level security token.

   at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)
   at System.Security.Principal.WindowsIdentity.GetCurrent()
   at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)
The Zone of the assembly that failed was:
MyComputer.

I have set up the remoting on both sides in code, rather than config files for simplicity at this stage. They are effectively identical:

BinaryClientFormatterSinkProvider client = new BinaryClientFormatterSinkProvider();
BinaryServerFormatterSinkProvider server = new BinaryServerFormatterSinkProvider();
server.TypeFilterLevel = TypeFilterLevel.Full;

Hashtable config = new Hashtable();
config["name"] = "SomeName";
config["portName"] = "SomePortName";

config["typeFilterLevel"] = "Full";
config["impersonate"] = "true";
config["tokenImpersonationLevel"] = "Impersonation";
config["useDefaultCredentials"] = "True";
config["secure"] = "True";

Channel = new IpcChannel(config, client, server);

So the question is: Why would the remoting framework want to create an anonymous token when impersonation is enabled? I've completely run out of places to look for answers on this.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

感情旳空白 2024-07-26 07:19:04

这不是答案

我知道这是一个老问题,但也许有人找到了解决方案。 我的设置与作者类似,但只需要标识级别:

服务器端:

Dictionary<string, object> properties = new Dictionary<string, object>();
properties["authorizedGroup"] = GetUsersGroupName();
properties["name"] = configuration.ServiceShortName + ".Server";
properties["portName"] = configuration.ServiceGuid;
BinaryServerFormatterSinkProvider sinkProvider = new BinaryServerFormatterSinkProvider();
sinkProvider.TypeFilterLevel = TypeFilterLevel.Full;
Channel = new IpcServerChannel(properties, sinkProvider);
Channel.IsSecured = true;
ChannelServices.RegisterChannel(Channel, true);
RemotingConfiguration.RegisterWellKnownServiceType(typeof(AppManagerServer), configuration.ServerObjectUrl, WellKnownObjectMode.SingleCall);

string GetUsersGroupName()
{
        const string builtInUsersGroup = "S-1-5-32-545";
SecurityIdentifier sid = new SecurityIdentifier(builtInUsersGroup);
NTAccount ntAccount = (NTAccount)sid.Translate(typeof(NTAccount));
        return ntAccount.Value;
}

客户端:

channel = new IpcClientChannel(AppManagerConfiguration.Instance.ServiceShortName + ".Client", null);
ChannelServices.RegisterChannel(channel, true);
string appManagerUrl = "ipc://" + AppManagerConfiguration.Instance.ServiceGuid + "/" + AppManagerConfiguration.Instance.ServerObjectUrl;
(IAppManager)Activator.GetObject(typeof(IAppManager), appManagerUrl).DoSomething();

然后间歇性地得到以下信息:
在服务器上处理请求时发生错误:System.Security.SecurityException:无法打开匿名级别安全令牌。

位于 System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevelsdesiredAccess, Boolean threadOnly)

at System.Security.Principal.WindowsIdentity.GetCurrent()

at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)

失败的程序集的区域是:
我的电脑

IT'S NOT AN ANSWER

I know it's an old question but maybe someone found a solution. I have similar setup to author's, but only identification level is required:

Server side:

Dictionary<string, object> properties = new Dictionary<string, object>();
properties["authorizedGroup"] = GetUsersGroupName();
properties["name"] = configuration.ServiceShortName + ".Server";
properties["portName"] = configuration.ServiceGuid;
BinaryServerFormatterSinkProvider sinkProvider = new BinaryServerFormatterSinkProvider();
sinkProvider.TypeFilterLevel = TypeFilterLevel.Full;
Channel = new IpcServerChannel(properties, sinkProvider);
Channel.IsSecured = true;
ChannelServices.RegisterChannel(Channel, true);
RemotingConfiguration.RegisterWellKnownServiceType(typeof(AppManagerServer), configuration.ServerObjectUrl, WellKnownObjectMode.SingleCall);

string GetUsersGroupName()
{
        const string builtInUsersGroup = "S-1-5-32-545";
SecurityIdentifier sid = new SecurityIdentifier(builtInUsersGroup);
NTAccount ntAccount = (NTAccount)sid.Translate(typeof(NTAccount));
        return ntAccount.Value;
}

Client side:

channel = new IpcClientChannel(AppManagerConfiguration.Instance.ServiceShortName + ".Client", null);
ChannelServices.RegisterChannel(channel, true);
string appManagerUrl = "ipc://" + AppManagerConfiguration.Instance.ServiceGuid + "/" + AppManagerConfiguration.Instance.ServerObjectUrl;
(IAppManager)Activator.GetObject(typeof(IAppManager), appManagerUrl).DoSomething();

And then intermittently I get the following:
An error occurred while processing the request on the server: System.Security.SecurityException: Cannot open an anonymous level security token.

at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)

at System.Security.Principal.WindowsIdentity.GetCurrent()

at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)

The Zone of the assembly that failed was:
MyComputer

回复 原文
~没有更多了~

关于作者

若相惜即相离

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

巷子口的你

文章 0 评论 0

微信用户

文章 0 评论 0

神妖

文章 0 评论 0

鞋纸虽美,但不合脚ㄋ〞

文章 0 评论 0

7460852697

文章 0 评论 0

ligengkai

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文