配置 WCF 安全性 (wsHttpBinding)
我有两个网站托管在同一 IIS 服务器上。 SiteA 包含 SiteB 需要访问的 WCF 服务,以及在域上进行身份验证的其他任何内容。
该服务配置了 wsHttpBinding,因此我相信默认情况下使用 Windows 安全性。现在,我可以从本地计算机上运行的控制台应用程序以及默认 Visual Studio Web 服务器中运行的 Web 应用程序调用服务,因此我认为身份验证正在运行。
但是,当 SiteB 尝试访问服务时,它会失败并显示以下错误: 调用者未经服务验证。
SiteB 与 SiteA 在同一台计算机上运行,所以我不明白为什么它无法通过身份验证。 SiteB 使用表单身份验证,我将匿名访问映射到域用户。
以下是配置位:
SiteA(服务):
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="wcfServiceBehaviour" name="MyService">
<endpoint address="" binding="wsHttpBinding" contract="IServiceContract" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="wcfServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
SiteB(客户端):
<system.serviceModel>
<client>
<endpoint address="http://xxxxx/Services/xxService.svc"
binding="wsHttpBinding"
contract="IServiceContract" />
</client>
</system.serviceModel>
I have two websites hosted on the same IIS server. SiteA contains WCF services that need to be accessed by SiteB, as well as anything else that is authenticated on the domain.
The service is configured with a wsHttpBinding and thus I believe uses Windows security by default. Right now I can call the services from a console app running on my local machine, as well as from a web application running in the default Visual Studio web server, so I am taking that the authentication is working.
However, when SiteB tries to access the services, it fails with this error:
The caller was not authenticated by the service.
SiteB runs on the same machine than SiteA so I don't understand why it could not be authenticated. SiteB uses Forms Authentication and I mapped Anonymous access to a domain user.
Here are the config bits:
SiteA (service):
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="wcfServiceBehaviour" name="MyService">
<endpoint address="" binding="wsHttpBinding" contract="IServiceContract" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="wcfServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
SiteB (client):
<system.serviceModel>
<client>
<endpoint address="http://xxxxx/Services/xxService.svc"
binding="wsHttpBinding"
contract="IServiceContract" />
</client>
</system.serviceModel>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您是对的 - WCF 中配置的 wsHttpBinding 默认情况下将使用 Windows 身份验证。
这里有一个建议 - WCF - 更改端点地址会导致安全异常 - 身份块无法与 Windows 身份验证一起使用 - 尝试将其删除。
You are correct - wsHttpBinding configured in WCF will use Windows Authentication by default.
There is a suggestion here - WCF - changing endpoint address results in securityexception - that the Identity block will not work with Windows Authentication - try removing it.
当 SiteB 模拟其他用户时,您的代码是否指定 模拟级别?
我的猜测是您没有指定足够高的模拟级别。 (委托是最高的,允许SiteB将权限传递给不同的服务)。
我怀疑修复 SiteB 模拟代码就足以解决问题。
如果没有,请尝试将允许的模拟级别传递给服务器:
When SiteB impersonates another user, does your code specify the impersonation level?
My guess is that your are not specifying a high enough level of impersonation. (Delegation is the highest, allowing SiteB to pass the permissions to a different service).
I suspect that fixing up the SiteB impersonation code will be enough to solve the problem.
If not, try passing the allowable impersonation level to the server:
如果您使用像我这样的自托管站点,避免此问题的方法(如上所述)是在主机和客户端上规定 wsHttpBinding 安全模式 = NONE。
在客户端和主机上创建绑定时,您可以使用以下代码:
或
If you're using a self hosted site like me, the way to avoid this problem (as described above) is to stipulate on both the host and client side that the wsHttpBinding security mode = NONE.
When creating the binding, both on the client and the host, you can use this code:
or