Expected identity upn when connecting to a service as Network Service

Posted on 2024-09-02 20:02:30


We have a web application, running in an application pool as 'NETWORK SERVICE'.
The web application connects to a service (.svc) on another web server. The other web server also has the service hosted as 'NETWORK SERVICE'. I believe this is the default.

The following endpoint, when run anywhere else, works perfectly.

<endpoint address="http://server123/UnitTrustService/UnitTrustService.svc"
  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_UnitTrustService"
  contract="UnitTrustServiceReference.UnitTrustService" name="WSHttpBinding_UnitTrustService">
 <identity>
  <servicePrincipalName value="server123" />
 </identity>
</endpoint>

Unfortunately when executed from the web site, we get the following error.

System.ServiceModel.Security.MessageSecurityException:
The identity check failed for the outgoing message.
The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)'
for the 'http://server123/UnitTrustService/UnitTrustService.svc' target endpoint.
Server stack trace: at System.ServiceModel.Security.IdentityVerifier.EnsureIdentity(EndpointAddress serviceReference, AuthorizationContext authorizationContext, String errorString)...

Any ideas?
I have tried running this as local system on the web server machine with exactly the same configuration and it works perfectly.

Does it have something to do with IIS?

Regards
Craig.


Comments (1)

爱的十字路口 2024-09-09 20:02:30


This probably indicates a problem with the client's web.config. Double-check the <identity> for the client. For instance, the following example snippet in your client's web.config might cause this exception if the service expected the identity to be userPrincipalName instead of servicePrincipalName. It's an easy distinction to miss that has caught me up before.

<system.serviceModel>
    <client>
      <endpoint address="http://server.domain.com/Services/DoSomething.svc" behaviorConfiguration="EndpointBehavior" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDoSomething" contract="Mycontract" name="WSHttpBinding_IDoSomething_Custom_AddSomething">
        <identity>
          <servicePrincipalName value="[email protected]" />
        </identity>
      </endpoint>
    </client>
</system.serviceModel>
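
A check for the mismatch described in the answer above, as an added example that is not from the original thread: it compares the identity a WCF service publishes in its WSDL (`<Upn>`, `<Spn>` or `<Dns>` inside the endpoint reference) with the `<identity>` child declared in the client config. The WSDL fragment and the account name `svc-account@example.test` are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSA10 = "{http://www.w3.org/2005/08/addressing}"
IDNS = "{http://schemas.xmlsoap.org/ws/2006/02/addressingidentity}"
# Identity element in the service's WSDL -> matching child of <identity> in the client config
WSDL_TO_CONFIG = {"Upn": "userPrincipalName", "Spn": "servicePrincipalName", "Dns": "dns"}

# Constructed sample: WSDL fragment of a service that publishes a UPN identity (account name is made up).
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsa10="http://www.w3.org/2005/08/addressing">
<wsdl:service name="UnitTrustService"><wsdl:port name="WSHttpBinding_UnitTrustService"><wsa10:EndpointReference>
  <wsa10:Address>http://server123/UnitTrustService/UnitTrustService.svc</wsa10:Address>
  <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"><Upn>svc-account@example.test</Upn></Identity>
</wsa10:EndpointReference></wsdl:port></wsdl:service></wsdl:definitions>"""

# Constructed sample: client config using the endpoint address and identity shown in the question.
SAMPLE_CONFIG = """<configuration><system.serviceModel><client>
  <endpoint address="http://server123/UnitTrustService/UnitTrustService.svc" binding="wsHttpBinding">
    <identity><servicePrincipalName value="server123" /></identity>
  </endpoint>
</client></system.serviceModel></configuration>"""

def published_identities(wsdl_text):
    """Map endpoint address -> (config element name, value) advertised in the WSDL."""
    found = {}
    for epr in ET.fromstring(wsdl_text).iter(WSA10 + "EndpointReference"):
        address = epr.findtext(WSA10 + "Address", "").strip().lower()
        for claim in epr.iterfind(IDNS + "Identity/*"):
            kind = claim.tag.split("}")[-1]  # strip the namespace prefix
            if kind in WSDL_TO_CONFIG:
                found[address] = (WSDL_TO_CONFIG[kind], (claim.text or "").strip())
    return found

def configured_identities(config_text):
    """Map endpoint address -> (element name, value) declared under <client> in the config."""
    found = {}
    for endpoint in ET.fromstring(config_text).iter("endpoint"):
        for claim in endpoint.iterfind("identity/*"):
            found[endpoint.get("address", "").lower()] = (claim.tag, claim.get("value", ""))
    return found

def find_mismatches(wsdl_text, config_text):
    """Return (address, configured, published) where the client expects a different identity."""
    published = published_identities(wsdl_text)
    return [(addr, have, published[addr])
            for addr, have in configured_identities(config_text).items()
            if addr in published and published[addr] != have]

print(find_mismatches(SAMPLE_WSDL, SAMPLE_CONFIG))
```

Regenerating the client proxy from the service's current metadata normally writes the published identity into the config, so a mismatch reported here usually means the config was copied from an environment where the service ran under a different account.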