“未知的用户名或错误的密码”通过WCF服务访问NAS时
我有一个与 WCF 服务通信的 Web 应用程序客户端。客户端和服务都在运行模拟,因为它们需要写入 NAS 上的类似位置以写入日志和工作文件。问题是,虽然客户端可以很好地编写,但服务却不能。两者都使用 System.IO.FileStream 写入 NAS。我们最初认为这可能是由于未正确传递凭据所致,因此为域用户启用了委派。我们仍然收到同样的错误。如果我检查 ServiceSecurityContext.Current.WindowsIdentity ,我可以看到它是我期望的域用户,但奇怪的是 IIdentity.AuthenticationType 值是“Kerberos ”。使用这篇文章,我们检查了 IIS NTAuthenticationProviders 并验证它是设置为“协商,NTLM”。我意识到此 IIS 设置是用于 IIS 与 NAS 之间的通信,但我们想确定一下。
我们还执行了跟踪,可以看到有问题的服务器和 NAS 位置之间的协商。发送请求后,我们确实看到它尝试联系域控制器,但由于未配置它,因此身份验证失败。
最后,我只是想找出是否有一个配置指令可以设置,以防止它在写入 NAS 时尝试使用 Kerberos 身份验证,其次,为什么当客户端是时服务使用 Kerberos不是。 我很乐意编辑此内容并添加任何所需的进一步配置项,因此请告诉我。
WCF 服务 web.config 绑定部分
<bindings>
<wsHttpBinding>
<binding name="default" maxReceivedMessageSize="200000">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
感谢您的帮助!
I have a web application client that is communicating with a WCF service. Both the client and the service are running impersonation due to their need to write to a similar location on the NAS for purposes of writing logs and working files. The issue is that while the client can write fine, the service can not. Both are using System.IO.FileStream to write to the NAS. We initially thought it may be due to an improperly passed credential so enabled delegation for the domain user. We have still received the same error. If I check the ServiceSecurityContext.Current.WindowsIdentity I can see that it is the domain user that I would expect but the strange thing is that the IIdentity.AuthenticationType value is "Kerberos". Using this article we have checked our IIS NTAuthenticationProviders and verified that it is set to "Negotiate,NTLM". I realize this IIS setting is for the communication between IIS and not the NAS but we wanted to be sure.
We have also performed a trace and can see the negotiation between the server in question and the NAS location. After the request is sent we do see it try to contact a Domain Controller but since this is not configured it fails authentication.
In the end, I'm simply trying to find out if there is a configuration directive that I can set to prevent it from trying to use Kerberos authentication when writing to the NAS and, secondly, why the service is using Kerberos when the client is not.
I will gladly edit this and add any further configuration items requested so please let me know.
WCF Service web.config binding section
<bindings>
<wsHttpBinding>
<binding name="default" maxReceivedMessageSize="200000">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
Thanks for any help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您看过其中的内容吗?
http://msdn.microsoft.com/en-us/library/ff650591.aspx
第 8 步中的项目可能会帮助您或为您指明正确的方向。
Have you looked through the items in this?
http://msdn.microsoft.com/en-us/library/ff650591.aspx
Items in step 8 might help or point you in the right direction.