将 ASP.NET 站点升级到 .NET 4 后出现 SSPI 协商失败错误
当站点部署在服务器上时会出现此错误,但在我的开发盒上可以正常工作。
让我提供一些有关如何设置一切的快速背景知识。
应用程序 (WebApp) 部署到运行 IIS 7.0 的 Windows Server 2008 SP2。站点中有两个应用程序:WebApp 和WebService。服务器不属于域,但位于本地网络上。
WebService 包含 WCF Web 服务 (svc) 并且尚未修改。我可以连接到它并按预期使用它。
我将 WebApp 从 ASP.NET 3.5 sp1 升级到 ASP.NET 4,它具有 WCF Web 服务的客户端代理(通过添加服务引用生成)。升级之前一切正常。升级后,我可以从我的开发盒(在域上)运行它并正确使用它,并且它可以按预期使用WebService。当我将站点部署到服务器并访问它时,出现以下错误(使用堆栈跟踪进行更新,仅包含每条消息后的第一行):
[Win32Exception (0x80004005): The Security Support Provider Interface (SSPI) negotiation failed.]
System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy) +3705927
[SecurityNegotiationException: SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +9464367
[HttpException (0x80004005): SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +9028953
[HttpException (0x80004005): SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8950644
我在 IIS 中所做的唯一更改是将应用程序池设置为 .NET 4。
我已经测试过,可以从非域计算机连接和使用 WebService,没有任何问题。它在我的开发盒(在域上)上运行良好。
我正在使用 wsHttpBinding 并使用本地(服务器)Windows 用户帐户的用户名/密码进行身份验证。我在客户端代理的 ClientCredentials.Windows.ClientCredential 属性上设置用户/密码。
这是我在客户端绑定下的安全配置(它都是自动生成的,我没有通过添加服务引用来修改它):
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
</security>
同样,如果 asp.net 站点从服务器以外的其他地方运行,则一切正常。
我将不胜感激任何建议。谢谢!
This error comes up when the site is deployed on the server, but works correctly on my dev box.
Let me provide some quick background on how everything is setup.
The application (WebApp) is deployed to a Windows Server 2008 SP2 running IIS 7.0. There are two applications within the site: WebApp and WebService. The server is not part of a domain, but is on the local network.
WebService contains a WCF webservice (svc) and has not be modified. I can connect to this and use it as expected.
I upgraded WebApp to ASP.NET 4 from ASP.NET 3.5 sp1, which has a client proxy to the WCF webservice (generated by adding a service reference). Prior to upgrading everything worked correctly. After upgrading, I can run it and use it correctly from my dev box (on a domain) and it can use WebService as expected. When I deploy the site to the server and access it, I get the following error (updated with the stack trace, only included the first line after each message):
[Win32Exception (0x80004005): The Security Support Provider Interface (SSPI) negotiation failed.]
System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy) +3705927
[SecurityNegotiationException: SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +9464367
[HttpException (0x80004005): SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +9028953
[HttpException (0x80004005): SOAP security negotiation with 'http://server.mydoamin.com/WebService/TestService.svc' for target 'http://server.mydoamin.com/WebService/TestService.svc' failed. See inner exception for more details.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8950644
The only change I made in IIS was to set the app pool to .NET 4.
I've tested and can connect and use the WebService from a non-domain computer without any issues. And it works fine from my dev box (on the domain).
I am using wsHttpBinding and authenticating with a username/password of a local (to the server) windows user account. I set the user/password on the ClientCredentials.Windows.ClientCredential property of the client proxy.
Here is my security config under the client binding (it's all auto-gen, I didn't modify it from adding the service reference):
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
</security>
Again, everything works correctly if the asp.net site is run from somewhere other than on the server.
I'd appreciate any suggestions. Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试重新安装 .net4 分发文件。
有时,当您启用某些.net3.5功能时会导致奇怪的问题。
Try to re-install the .net4 distribution file.
Sometimes, when you enable some .net3.5 function will cause strange problems.