ASP.NET - 使用 WCF Web 服务绑定和 AD 组时出现 IIS7 部署错误 500 24 50
背景:在我的本地计算机上部署已编译且没有错误的应用程序后,我收到内部服务器 500 24 50 错误。部署应用程序的服务器具有很高的安全性并且正在运行 IIS 7.5,因此我需要为每个目录指定读写访问权限。该应用程序使用 Windows 身份验证和 Web 服务通过代理填充下拉框。我认为连接到 Web 服务可能存在问题,或者文件的读/写安全性存在问题,或者活动目录身份验证存在问题。
由于某种原因,Internet Explorer 只是显示无法加载网页错误。
Google Chrome 中的错误:
500 – Internal Server Error.
There is a problem with the resource you are looking for, and it cannot be displayed.
日志文件详细信息:
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 -
172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
invitations.myagencyservices.com 500 24 50 1380 368 15
MSDN 在 http://support.microsoft.com/kb 中定义错误/943891 as:
500.24 - An ASP.NET impersonation configuration does not apply in Managed
Pipeline mode.
Web.Config 代码:
<system.web>
<customErrors mode="Off" ></customErrors>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<trace enabled="true" pageOutput="true" />
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users="alg\bmccarthy, alg\phoward" />
<allow roles="alg\ACOMP_USER_ADMIN" />
<allow roles="alg\ACOMP_user_AMG" />
<allow roles="alg\ACOMP_user_BIG" />
<allow roles="alg\ACOMP_user_NIS" />
<allow roles="alg\ACOMP_user_GLA" />
<allow roles="alg\ACOMP_user_PIP" />
<allow roles="alg\ACOMP_user_PSM" />
<allow roles="alg\ACOMP_user_PAM" />
<allow roles="alg\ACOMP_user_ANN" />
<allow roles="alg\ACOMP_user_AAM" />
<allow roles="alg\ACOMP_user_MWM" />
<allow roles="alg\ACOMP_user_GIM" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
name="BasicHttpBinding_IAcompService1" />
</client>
</system.serviceModel>
任何建议都会被投票! 感谢您的关注!
Background: I am getting a Internal Server 500 24 50 error after deploying an application that has compiled without errors on my local machine. The server that the application is deployed on has a ton of security and is running IIS 7.5 so I need to specify read and write access for every directory. This application uses windows authentication and a web service to populate drop down boxes via a proxy. I think there might be an issue connecting to the web service or an issue with the read/write security on the files, or an issue with the active directory authentication.
For some reason, Internet Explorer just displayed can't load webpage Error.
Error in Google Chrome:
500 – Internal Server Error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Log File Details:
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2011-05-18 13:54:46 W3SVC1 FL-TPA-WEB-01 172.17.1.25 GET / - 80 -
172.17.1.25 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;
+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C;+.NET4.0E) - -
invitations.myagencyservices.com 500 24 50 1380 368 15
MSDN Defines the error at http://support.microsoft.com/kb/943891 as:
500.24 - An ASP.NET impersonation configuration does not apply in Managed
Pipeline mode.
Web.Config code:
<system.web>
<customErrors mode="Off" ></customErrors>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<trace enabled="true" pageOutput="true" />
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow users="alg\bmccarthy, alg\phoward" />
<allow roles="alg\ACOMP_USER_ADMIN" />
<allow roles="alg\ACOMP_user_AMG" />
<allow roles="alg\ACOMP_user_BIG" />
<allow roles="alg\ACOMP_user_NIS" />
<allow roles="alg\ACOMP_user_GLA" />
<allow roles="alg\ACOMP_user_PIP" />
<allow roles="alg\ACOMP_user_PSM" />
<allow roles="alg\ACOMP_user_PAM" />
<allow roles="alg\ACOMP_user_ANN" />
<allow roles="alg\ACOMP_user_AAM" />
<allow roles="alg\ACOMP_user_MWM" />
<allow roles="alg\ACOMP_user_GIM" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://63.236.108.91/aCompService.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
name="BasicHttpBinding_IAcompService1" />
</client>
</system.serviceModel>
Any suggestions will be up-voted!
Thanks for looking!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
出现 500.24.50 错误的原因是 ASP.NET 集成模式无法模拟 BeginRequest 和 AuthenticateRequest 管道阶段中的请求标识。如果您的应用程序在集成模式下运行,未声明 validateIntegratedModeConfiguration 或将其设置为 true,并且您的应用程序将 Identity impersonate 设置为 true,则会抛出 500.24。
解决方法
A. 如果您的应用程序不依赖于在 BeginRequest 和 AuthenticateRequest 阶段(集成模式下无法模拟的唯一阶段)模拟请求用户,请通过将以下内容添加到应用程序的 web.config 来忽略此错误:
B.如果您的应用程序确实依赖于 BeginRequest 和 AuthenticateRequest 中的模拟,或者您不确定,请转至经典模式。
C. 从 web.config 中删除,这在集成模式下不会有效
阅读更多内容 来自 LEARN.IIS.NET 的 IIS 7 重大更改
The 500.24.50 Error occurs because ASP.NET Integrated mode is unable to impersonate the request identity in the BeginRequest and AuthenticateRequest pipeline stages. 500.24 is thrown if your application is running in integrated mode, validateIntegratedModeConfiguration is not declared or set to true, and your application has identity impersonate set to true.
Workaround
A. If your application does not rely on impersonating the requesting user in the BeginRequest and AuthenticateRequest stages (the only stages where impersonation is not possible in Integrated mode), ignore this error by adding the following to your application’s web.config:
B. If your application does rely on impersonation in BeginRequest and AuthenticateRequest, or you are not sure, move to Classic mode.
C. remove from web.config which won't be effective in integrated mode anyway
Read more on Breaking Changes in IIS 7 from LEARN.IIS.NET
更新:
做了更多的挖掘,你实际上已经错误配置了服务。这篇 MSDN 文章介绍了如何配置 basicHttpBinding 以进行 Windows 身份验证。基本上, basicHttpBinding 元素需要如下所示:
原始答案:
下面是从信息 在本文中。 由于您的服务使用模拟进行授权,因此您似乎需要使用 ASP.NET 此服务的 AppPool 的经典模式管道配置。您可能想要研究新的集成模式管道中如何支持模拟,并了解为什么您的服务无法遵守它,因为集成模式是首选。
UPDATE:
Did a little more digging and you actually have the service mis-configured. This MSDN article explains how to configure basicHttpBinding for Windows authentication. Basically, the basicHttpBinding element needs to look like this:
Original answer:
Below is something to try from the information in this article. Since your service uses impersonation for authorization it looks like you'll need to use the ASP.NET classic mode pipeline configuration of the AppPool for this service. You may want to research how impersonation is supported in the new Integrated mode pipeline and see why your service is failing to comply with it since Integrated mode is prefered.
重要提示:请确保您的计算机上已安装 ASP.NET;如果没有或有疑问,请运行以下命令:
Important: Make sure that you have installed ASP.NET on your machine; if not or if in doubt, run the following command: