1

我正在尝试通过标准命名管道端点管理托管在 AppFabric 上的工作流服务。我可以从控制台应用程序成功地做到这一点,但是当尝试从 ASP.NET 做同样的事情时,我得到“访问被拒绝”异常。

我知道这是应该在 web.config 中以某种方式解决的安全配置问题,但我不知道如何......

这是我使用的代码:

NetNamedPipeBinding binding = new NetNamedPipeBinding();
EndpointAddress addr = new EndpointAddress("net.pipe://localhost/ServiceLibrary/LongRunningService.xamlx/System.ServiceModel.Activities_IWorkflowInstanceManagement");

try
{
    var proxy = new WorkflowControlClient(binding, addr);
    Guid instanceId = new Guid("<<SOME WORKFLOW INSTANCE ID>>");
    proxy.Suspend(instanceId);
}
catch (Exception ex)
{
}

更新: 理论上可以在没有安全性的情况下在 web.config 中注册端点(http 或 net.pipe)。在这种情况下,看起来一切正常......但我不想为网站上注册的每项服务都这样做。我认为应该有某种方法可以连接到已经注册的 net.pipe 端点。这是具有显式端点注册的 Web 配置(http、net.pipe):

<behaviors>
  <serviceBehaviors>
    <behavior>
      <remove name="serviceCredentials" />
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="false" />
      <sqlWorkflowInstanceStore instanceCompletionAction="DeleteNothing" instanceEncodingOption="None" instanceLockedExceptionAction="NoRetry" connectionStringName="ApplicationServerWorkflowInstanceStoreConnectionString" hostLockRenewalPeriod="00:00:30" runnableInstancesDetectionPeriod="00:00:05" />
      <workflowInstanceManagement authorizedWindowsGroup="" />
      <workflowUnhandledException action="AbandonAndSuspend" />
      <workflowIdle timeToPersist="00:00:30" timeToUnload="00:01:00" />
      <etwTracking profileName="Troubleshooting Tracking Profile" />
    </behavior>
    <behavior name="StnandardBehavior">
      <remove name="serviceCredentials" />
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="false" />
      <sqlWorkflowInstanceStore instanceCompletionAction="DeleteNothing" instanceEncodingOption="None" instanceLockedExceptionAction="NoRetry" connectionStringName="ApplicationServerWorkflowInstanceStoreConnectionString" hostLockRenewalPeriod="00:00:30" runnableInstancesDetectionPeriod="00:00:05" />
      <workflowInstanceManagement authorizedWindowsGroup="" />
      <workflowUnhandledException action="AbandonAndSuspend" />
      <workflowIdle timeToPersist="00:00:30" timeToUnload="00:01:00" />
      <etwTracking profileName="Troubleshooting Tracking Profile" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="httpSecurityOff" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="None">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
  <netNamedPipeBinding>
    <binding name="pipeSecurityOff" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" maxConnections="10" maxReceivedMessageSize="65536">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
        <transport protectionLevel="None" />
      </security>
    </binding>
  </netNamedPipeBinding>
</bindings>
<services>
  <service name="LongRunningService" behaviorConfiguration="StnandardBehavior">
    <endpoint address="wce" contract="System.ServiceModel.Activities.IWorkflowInstanceManagement" binding="basicHttpBinding" bindingConfiguration="httpSecurityOff" kind="workflowControlEndpoint" />
    <endpoint address="wce" contract="System.ServiceModel.Activities.IWorkflowInstanceManagement" binding="netNamedPipeBinding" bindingConfiguration="pipeSecurityOff" kind="workflowControlEndpoint" />
    <endpoint contract="ILongRunningService" binding="basicHttpBinding" bindingConfiguration="httpSecurityOff" />
  </service>
</services>

在这种情况下,用于连接到这个新端点的客户端代码应该有点不同:

    NetNamedPipeBinding binding = new NetNamedPipeBinding();
    binding.Security.Mode = NetNamedPipeSecurityMode.None;
    EndpointAddress addr = new EndpointAddress("net.pipe://{{MACHINE_NAME}}/ServiceLibrary/LongRunningService.xamlx/wce");

    try
    {
        var proxy = new WorkflowControlClient(binding, addr);
        Guid instanceId = new Guid(workflowInstanceId.Value);
        proxy.Suspend(instanceId);
        proxy.Close();
    }
    catch (Exception ex)
    {
    }
4

3 回答 3

1

您可以关闭安全性以查看 ASP.NET 应用程序池标识 ACL 是否存在问题:

NetNamedPipeBinding nnpb = new NetNamedPipeBinding();
nnpb.Security.Mode = NetNamedPipeSecurityMode.None;
于 2012-04-20T07:05:18.150 回答
0

尝试将 Workflow ApplicationPool 用户放入用户组“AS_Administrators”中。需要重置 IIS 才能重新加载安全更改。

于 2012-11-25T22:23:46.137 回答
0

您是否在 IIS 中为您的应用程序编辑了允许的网站/虚拟目录绑定?您需要将 net.pipe 添加为允许的协议绑定

于 2012-04-19T20:50:31.890 回答