当前位置: 文江博客话题详情

配置 WCF 安全性 (wsHttpBinding)

发布于 2024-10-04 11:43:21 字数 1657 浏览 0 评论 0原文

我有两个网站托管在同一 IIS 服务器上。 SiteA 包含 SiteB 需要访问的 WCF 服务,以及在域上进行身份验证的其他任何内容。

该服务配置了 wsHttpBinding,因此我相信默认情况下使用 Windows 安全性。现在,我可以从本地计算机上运行的控制台应用程序以及默认 Visual Studio Web 服务器中运行的 Web 应用程序调用服务,因此我认为身份验证正在运行。

但是,当 SiteB 尝试访问服务时,它会失败并显示以下错误: 调用者未经服务验证。

SiteB 与 SiteA 在同一台计算机上运行,​​所以我不明白为什么它无法通过身份验证。 SiteB 使用表单身份验证,我将匿名访问映射到域用户。

以下是配置位:

SiteA(服务):

<system.serviceModel>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        <services>
            <service behaviorConfiguration="wcfServiceBehaviour" name="MyService">
                <endpoint address="" binding="wsHttpBinding" contract="IServiceContract" />
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="wcfServiceBehaviour">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>

SiteB(客户端):

<system.serviceModel>
    <client>
      <endpoint address="http://xxxxx/Services/xxService.svc"
                binding="wsHttpBinding"
                contract="IServiceContract" />
    </client>
</system.serviceModel>
原文

I have two websites hosted on the same IIS server. SiteA contains WCF services that need to be accessed by SiteB, as well as anything else that is authenticated on the domain.

The service is configured with a wsHttpBinding and thus I believe uses Windows security by default. Right now I can call the services from a console app running on my local machine, as well as from a web application running in the default Visual Studio web server, so I am taking that the authentication is working.

However, when SiteB tries to access the services, it fails with this error:
The caller was not authenticated by the service.

SiteB runs on the same machine than SiteA so I don't understand why it could not be authenticated. SiteB uses Forms Authentication and I mapped Anonymous access to a domain user.

Here are the config bits:

SiteA (service):

<system.serviceModel>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        <services>
            <service behaviorConfiguration="wcfServiceBehaviour" name="MyService">
                <endpoint address="" binding="wsHttpBinding" contract="IServiceContract" />
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="wcfServiceBehaviour">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>

SiteB (client):

<system.serviceModel>
    <client>
      <endpoint address="http://xxxxx/Services/xxService.svc"
                binding="wsHttpBinding"
                contract="IServiceContract" />
    </client>
</system.serviceModel>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

酒浓于脸红 2024-10-11 11:43:21

您是对的 - WCF 中配置的 wsHttpBinding 默认情况下将使用 Windows 身份验证。

这里有一个建议 - WCF - 更改端点地址会导致安全异常 - 身份块无法与 Windows 身份验证一起使用 - 尝试将其删除。

You are correct - wsHttpBinding configured in WCF will use Windows Authentication by default.

There is a suggestion here - WCF - changing endpoint address results in securityexception - that the Identity block will not work with Windows Authentication - try removing it.

回复 原文
酒中人 2024-10-11 11:43:21

当 SiteB 模拟其他用户时,您的代码是否指定 模拟级别

我的猜测是您没有指定足够高的模拟级别。 (委托是最高的,允许SiteB将权限传递给不同的服务)。

我怀疑修复 SiteB 模拟代码就足以解决问题。

如果没有,请尝试将允许的模拟级别传递给服务器:

<system.serviceModel>
    <client>
      <endpoint address="http://xxxxx/Services/xxService.svc"
                binding="wsHttpBinding"
                contract="IServiceContract"
                behaviorConfiguration = "ImpersonationBehavior" />
    </client>
      <behaviors>
          <endpointBehaviors>
               <behavior name="ImpersonationBehavior">
                   <clientCredentials>
                       <windows allowedImpersonationLevel = "Delegation" /> <!-- The highest level -->
                   </clientCredentials>
               </behavior>
          <endpointBehaviors>
       </behaviors>
</system.serviceModel>

When SiteB impersonates another user, does your code specify the impersonation level?

My guess is that your are not specifying a high enough level of impersonation. (Delegation is the highest, allowing SiteB to pass the permissions to a different service).

I suspect that fixing up the SiteB impersonation code will be enough to solve the problem.

If not, try passing the allowable impersonation level to the server:

<system.serviceModel>
    <client>
      <endpoint address="http://xxxxx/Services/xxService.svc"
                binding="wsHttpBinding"
                contract="IServiceContract"
                behaviorConfiguration = "ImpersonationBehavior" />
    </client>
      <behaviors>
          <endpointBehaviors>
               <behavior name="ImpersonationBehavior">
                   <clientCredentials>
                       <windows allowedImpersonationLevel = "Delegation" /> <!-- The highest level -->
                   </clientCredentials>
               </behavior>
          <endpointBehaviors>
       </behaviors>
</system.serviceModel>
回复 原文
書生途 2024-10-11 11:43:21

如果您使用像我这样的自托管站点,避免此问题的方法(如上所述)是在主机和客户端上规定 wsHttpBinding 安全模式 = NONE。

在客户端和主机上创建绑定时,您可以使用以下代码:

 Dim binding as System.ServiceModel.WSHttpBinding 
 binding= New System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None)


 System.ServiceModel.WSHttpBinding binding
 binding = new System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None);

If you're using a self hosted site like me, the way to avoid this problem (as described above) is to stipulate on both the host and client side that the wsHttpBinding security mode = NONE.

When creating the binding, both on the client and the host, you can use this code:

 Dim binding as System.ServiceModel.WSHttpBinding 
 binding= New System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None)

or

 System.ServiceModel.WSHttpBinding binding
 binding = new System.ServiceModel.WSHttpBinding(System.ServiceModel.SecurityMode.None);
回复 原文
~没有更多了~

关于作者

原来是傀儡

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lioqio

文章 0 评论 0

Single

文章 0 评论 0

禾厶谷欠

文章 0 评论 0

alipaysp_2zg8elfGgC

文章 0 评论 0

qq_N6d4X7

文章 0 评论 0

放低过去

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文