联系 IIS 7.5 中托管的 WCF 服务时连接重置
我正在尝试使用 WCF 安全令牌服务网站模板创建虚拟安全令牌服务。创建网站时,如果我指定文件系统 URI 并将该网站托管在 ASP.NET 开发 Web 服务器中,那么一切似乎都很好。但是,我希望 STS 使用 SSL,并且还希望避免使用 ASP.NET 开发 Web 服务器分配的动态端口时出现的跨域问题。因此,我重新创建了相同的网站,但为 IIS 7.5 中预配置的 Web 应用程序指定了 HTTPS URI(例如 https://localhost/SecurityTokenService/< /a>) 而不是文件系统 URI。现在,所有导航到 Service.svc 文件的尝试都会导致强制连接重置。
下面是我的 web.config 文件,尽管它在 ASP.NET 开发 Web 服务器中托管时可以工作,这一事实让我认为问题出在 IIS 设置上。我可能会尝试弄清楚发生了什么事?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings>
<add key="IssuerName" value="ActiveSTS"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value=""/>
</appSettings>
<connectionStrings />
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="None"/>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
</webServices>
</scripting>
</system.web.extensions>
<system.serviceModel>
<services>
<service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
<endpoint address="https://localhost/SecurityTokenService/Service.svc/IWSTrust13" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost/SecurityTokenService/Service.svc" />
</baseAddresses>
</host>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<ws2007HttpBinding>
<binding name="ws2007HttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" clientCredentialType="UserName" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add type="CustomUserNamePasswordTokenHandler, App_Code"/>
</securityTokenHandlers>
</service>
</microsoft.identityModel>
</configuration>
更新:我可以导航到网络应用程序中的其他文件。只是不是 *.svc 文件。除了 101 状态代码之外,我没有任何东西可以使用,所以这有点令人沮丧。
更新:进一步的实验表明,该问题仅存在于作为 STS 并托管在 IIS 中的 WCF 服务。如果我在 IIS 中托管常规 WCF 服务,则没有问题。我下载了各种包含自定义 STS 的示例项目,它们都表现出相同的行为。这让我相信我的 IIS 配置有问题,导致它无法与 STS 良好配合。让我无法弄清楚问题是什么......
I am attempting to create a dummy security token service using the WCF Security Token Service website template. When creating the website, if I specify a file system URI and host the site in the ASP.NET Development Web Server then everything appears to be fine. However, I want the STS to use SSL and I would also like to avoid the cross-domain issues that arise when using the dynamic ports assigned by the ASP.NET Development Web Server. So I recreated the same website but specify an HTTPS URI to a preconfigured web application in IIS 7.5 (e.g. https://localhost/SecurityTokenService/) instead of a file system URI. Now all attempts to navigate to the Service.svc file result in a forceful connection reset.
Below is my web.config file although the fact that it works when hosted in the ASP.NET Development Web Server makes me think the problem is with an IIS setting. What are some things I might try to figure out what's going on?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings>
<add key="IssuerName" value="ActiveSTS"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value=""/>
</appSettings>
<connectionStrings />
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="None"/>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
</webServices>
</scripting>
</system.web.extensions>
<system.serviceModel>
<services>
<service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
<endpoint address="https://localhost/SecurityTokenService/Service.svc/IWSTrust13" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost/SecurityTokenService/Service.svc" />
</baseAddresses>
</host>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<ws2007HttpBinding>
<binding name="ws2007HttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" clientCredentialType="UserName" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add type="CustomUserNamePasswordTokenHandler, App_Code"/>
</securityTokenHandlers>
</service>
</microsoft.identityModel>
</configuration>
UPDATE: I can navigate to other files in the web application. Just not the *.svc file. I don't have anything to work with except for the 101 statuc code so this is kind fo frustrating.
UPDATE: Further experimentation indicates that the problem only exists with WCF services that are STSs and hosted in IIS. If I host a regular WCF service in IIS there is no problem. I downloaded a variety of example projects containing custom STSs and they all exhibit the same behavior. This leads me to believe that there is something wrong with the configuration of my IIS that prevents it from playing nice with an STS. Beats me how I might figure out what the problem is ...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您的服务中的基地址配置为 HTTP 而不是 HTTPS。另外,如果您使用 HTTPS 浏览它并希望看到服务定义,我认为您需要 httpsGetEnabled 而不是 httpGetEnabled。这些可能是问题所在吗?
The base address in your service is configured to be HTTP not HTTPS. Also, if you are browsing to it using HTTPS and expecting to see the service definition I think you would need httpsGetEnabled not httpGetEnabled. Could these be the problem?
我就此向 Microsoft 提出了一个支持案例。经过大量日志和跟踪文件的挖掘,我们确定 IIS 中虚拟目录的物理路径不正确。这很奇怪,因为当我将项目添加到解决方案时,Visual Studio 代表我创建了虚拟目录。我手动删除并重新创建虚拟目录,一切都开始工作。
I opened a support case with Microsoft about this. After digging through a lot of log and trace files, we determined that the physical path of the virtual directory in IIS was not correct. This is weird because Visual Studio created the virtual directory on my behalf when I added the project to my solution. I deleted and recreated the virtual directory manually and everything started working.