使用 System.Web.ApplicationServices.AuthenticationService 进行 WCF 服务身份验证,我无法向成员资格提供程序进行身份验证
我正在尝试使用身份验证服务和我的会员提供商进行身份验证。理想情况下,我想打电话给我的会员提供商,但在联系我的提供商之前我就崩溃了。说无法验证令牌。检查我的错误日志,我似乎正在尝试使用 Windows 身份验证进行身份验证。那不是我打算做的。这是一个带有 svc 文件的网站。我使用 svcUtil 并从 WSDL 生成客户端。我正在使用客户端的应用程序中有一个测试页面。它只是一个测试页面,不会被部署。我看到 IIS 中选中了集成 Windows 身份验证,这似乎不正确,但如果我取消选中它,Visual Studio 将无法调试。无论如何,我查看事件日志并收到两个错误
Logon Failure:
Reason: Unknown user name or bad password
User Name: sandagtestuser
Domain:
Logon Type: 8
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SDD-CK
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: sandagtestuser
Source Workstation: SDD-CK
Error Code: 0xC0000064
以下是 web.config 中的绑定。请注意,我正在尝试使用 SSL 和 HTTPS。这是我第一次尝试 WCF 安全性,
<system.serviceModel>
<client>
<endpoint address="https://SDD-CK/ATISServices/Services/AuthService.svc/AuthService"
binding="basicHttpBinding" bindingConfiguration="userHttps_AuthenticationService"
contract="AuthenticationService" name="userHttps_AuthenticationService" >
</endpoint>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<behaviors>
<serviceBehaviors>
<behavior name="ATISServices.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="userHttps_AuthenticationService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="true" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport proxyCredentialType="None" clientCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="basic_auth_config">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ATISServices.AuthServiceBehavior"
name="System.Web.ApplicationServices.AuthenticationService">
<endpoint binding="basicHttpBinding" bindingName="userHttps" bindingConfiguration="basic_auth_config"
bindingNamespace="http://asp.net/ApplicationServices/v200"
contract="System.Web.ApplicationServices.AuthenticationService"
address="AuthService"/>
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration=""
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
也许一些 WCF 专家可以帮助我解决这个问题。我看到凭据通过事件日志到达服务器,所以我应该不会太遥远。有关故障的实际 InnerException 消息是无法验证消息中的至少一个安全令牌。
最后,这里是一些可能感兴趣的其他 web.config 设置。
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" requireSSL="true"/>
</webServices>
</scripting>
</system.web.extensions>
<authentication mode="Forms" >
<forms cookieless="UseCookies" />
</authentication>
<membership defaultProvider="KCMembershipProvider">
<providers>
<clear/>
<add
name="KCMembershipProvider"
applicationName="/"
type="zcore.MembershipProvider.KCMembershipProvider, zcore.MembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</providers>
</membership>
此时任何帮助或提示将不胜感激。我已经为此奋斗了两天。我也在使用证书。我用“makecert”工具制作了它们。一个是证书颁发机构,另一个是使用所述颁发机构的“本地主机”证书。我还使用了 httpcfg 并将证书指纹设置为端口 9307,但是当我将“:9307”放在服务地址上时,我的连接被主动拒绝。我真的很感谢这里的任何帮助。
干杯,
~ck 在圣地亚哥
I'm trying to get authenticated using the the Authentication Service and my Membership Provider. Ideally I want to call my membership provider, but I bomb out before hitting my provider. Says a token cannot be validated. Checking my error log, it appears I'm trying to Authenticate using Windows auth. That's not what I'm intending to do. This is a web with an svc file. I use svcUtil and generate a client from the WSDL. I have a test page in the app that I'm using the client from. Its just a test page and will not be deployed. I see Integrated Windows Auth is checked in IIS which doesnt seem correct, but if I uncheck it, Visual Studio won't debug. Anyways I look in the event log and get two errors
Logon Failure:
Reason: Unknown user name or bad password
User Name: sandagtestuser
Domain:
Logon Type: 8
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SDD-CK
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: sandagtestuser
Source Workstation: SDD-CK
Error Code: 0xC0000064
Here are the bindings in the web.config. Please note I'm trying to use SSL and HTTPS. This is my first stab at WCF security
<system.serviceModel>
<client>
<endpoint address="https://SDD-CK/ATISServices/Services/AuthService.svc/AuthService"
binding="basicHttpBinding" bindingConfiguration="userHttps_AuthenticationService"
contract="AuthenticationService" name="userHttps_AuthenticationService" >
</endpoint>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<behaviors>
<serviceBehaviors>
<behavior name="ATISServices.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="userHttps_AuthenticationService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="true" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport proxyCredentialType="None" clientCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="basic_auth_config">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ATISServices.AuthServiceBehavior"
name="System.Web.ApplicationServices.AuthenticationService">
<endpoint binding="basicHttpBinding" bindingName="userHttps" bindingConfiguration="basic_auth_config"
bindingNamespace="http://asp.net/ApplicationServices/v200"
contract="System.Web.ApplicationServices.AuthenticationService"
address="AuthService"/>
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration=""
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Perhaps some WCF guru out there can help me correct the problem. I see the credentials getting up to the server via the event log, so I must not be too terribly far off. The actual InnerException message on the fault is At least one security token in the message could not be validated.
Lastly here are some additional web.config settings that may be of interest.
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" requireSSL="true"/>
</webServices>
</scripting>
</system.web.extensions>
<authentication mode="Forms" >
<forms cookieless="UseCookies" />
</authentication>
<membership defaultProvider="KCMembershipProvider">
<providers>
<clear/>
<add
name="KCMembershipProvider"
applicationName="/"
type="zcore.MembershipProvider.KCMembershipProvider, zcore.MembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</providers>
</membership>
Any help or tips at this point would be greatly appreciated. I've battled with this for two days. I'm using certificates as well. I made them with 'makecert' tool. One is a Cert Authority and the other is a 'localhost' cert using said Authority. I also have used httpcfg and set the cert thumbprint to port 9307, however when i put ":9307" on the service address, I get connection actively refused. I truly appreciate any help here.
Cheers,
~ck in San Diego
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这实际上让它发挥了作用。将其添加到服务行为中。
This actually got it to work. Adding this to the service behavior.