我们有一个 WCF 服务作为 Windows 服务托管,在我们的应用程序服务器上具有 tcp 绑定。我们有一个 ASP.NET Web 应用程序托管在试图连接到它的单独 Web 服务器上。两台服务器都是 Windows 2008 R2 机器。
ASP.NET Web 应用程序的应用程序池设置为使用 ApplicationPoolIdentity 作为它的用户。当我们尝试从 windows 机器连接到 WCF 服务时,会出现以下错误:
Source Exception: System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:09.9980000'. ---> System.IO.IOException: The read operation failed, see inner exception. ---> System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:09.9980000'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.ServiceModel.Channels.SocketConnection.ReadCore(Byte[] buffer, Int32 offset, Int32 size, TimeSpan timeout, Boolean closing)
但是,当我们将应用程序池的用户更改为网络服务时,它会正确连接。
我的问题是两方面的。有谁知道为什么使用 ApplicationPoolIdentity 不起作用,是某种配置问题吗?而且,在网络服务帐户下运行应用程序池会有什么缺点?我知道 ApplicationPoolIdentity 的权限更少,更安全,被认为是最佳实践。