wcf - 访问 WCF 服务时访问被拒绝错误

Question

我有一个 WCF 服务迁移到 .Net 框架 4.5，它安装在 IIS 7.0 中。我可以在浏览器中浏览服务。但是当我在说一个控制台应用程序中引用该服务并尝试在其中调用一个方法时，我收到错误“访问被拒绝”。下面是我正在使用的堆栈跟踪和 web.config 设置。

System.ServiceModel.Security.SecurityAccessDeniedException was unhandled
  HResult=-2146233087
  Message=Access is denied.
  Source=mscorlib
  StackTrace:
    Server stack trace: 
       at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at ConsoleApplication1.sharedservice.IShared.ProcessRequest(ProcessRequestRequest request)
       at ConsoleApplication1.sharedservice.SharedClient.ConsoleApplication1.sharedservice.IShared.ProcessRequest(ProcessRequestRequest request) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Service References\sharedservice\Reference.cs:line 214
       at ConsoleApplication1.sharedservice.SharedClient.ProcessRequest(String RuleName, String RequestMessage, Int32 WaitTime, Int32 ChannelID, Int32 PassThruMode, Int32 MaxResponseSize, Int32 MaxErrorText, Int32& ActualResponseSize, String& Response, Int32& ActualErrorTextSize, String& ErrorText) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Service References\sharedservice\Reference.cs:line 226
       at ConsoleApplication1.Program.Main(String[] args) in c:\Users\vijayara\Documents\Visual Studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\Program.cs:line 22
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: 

<configuration>
  <appSettings/>
  <connectionStrings/>
    <system.web>
    <compilation debug="false" targetFramework="4.5">

          <assemblies>
            <add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            <add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          </assemblies>

        </compilation>
        <authentication mode="Windows" />
    <pages controlRenderingCompatibilityVersion="4.0">
        <controls>
          <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </controls>
      </pages>

      <httpHandlers>
        <remove verb="*" path="*.asmx"/>
        <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
      </httpHandlers>
      <httpModules>
        <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </httpModules>


    </system.web>
    <system.webServer>
      <validation validateIntegratedModeConfiguration="false"/>
      <modules>
        <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </modules>
      <handlers>
        <remove name="WebServiceHandlerFactory-Integrated"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </handlers>
    </system.webServer>


  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" />
    <services>
      <service behaviorConfiguration="Access_Shared_WCF.SharedBehavior" name="Access_Shared_WCF.Shared">
        <endpoint address="" binding="basicHttpBinding" contract="Access_Shared_WCF.IShared">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http/localhost/Access_Shared_WCF/Shared" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Access_Shared_WCF.SharedBehavior">
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Answer 1

我对 WCF 有类似的问题。问题是我的 appPool 帐户对 IIS 生成的程序集没有权限，他将其用于“卷影复制”。我通过使用 procmon http://technet.microsoft.com/cs-cz/sysinternals/bb896645.aspx来跟踪它，过滤到 IIS 进程名称“w3wp.exe”，状态为“拒绝访问”。然后再次调用服务并检查 procmon 输出哪些文件有此问题。

我在 c:\windows\temp\Microsoft.Generated.dll 可以访问拒绝，所以我将其删除，再次调用并生成新的并且一切正常。

另一个选项是像 LocalService 一样将“更强”的用户身份设置为 appPool （ appPool -> 高级设置 -> Indetitiy -> 预定义帐户 -> 本地服务）

但是使用 procmon 的解决方案更有趣:-)

Answer 2

出现此错误的原因有很多。我遇到的时间是 wcf 方法被保护到特定的 AD 角色时：

1. 在 Web 服务客户端上设置 ClientCredentials。这可能很挑剔，对客户端连接执行某些操作可能会导致您丢失凭据。
2. 在设置 ClientCredentials 之前设置 InnerChannel.OperationTimeout 将清除 ClientCredentials（我知道很奇怪，但我测试了很多次）。

Answer 3

我相信这可能是服务尝试使用事件日志记录信息的问题。事件日志不存在，应用程序池标识伪用户无权创建事件日志。因此，使用高特权帐户的建议通过允许创建它来解决问题。可以简单地将用户切换到高帐户运行，然后切换回常规。

或者，如果您知道需要创建什么，则可以使用 powershell 直接创建事件日志（请注意，通常很容易查看任何 .NET 应用程序或 dll 的源代码来定位使用的 const 字符串名称）

 New-EventLog -source "My.Name.Space" -logname "MyApplicationName"

资料来源：https ://robertgreiner.com/wcf-azure-service-bus-access-is-denied-exception/