1

我有一个 WCF 服务,它被配置为通过basicHttpsBinding. 身份验证过程在我的开发计算机(Windows 7、IIS 7.5)上运行良好,但在部署到 Windows Server 2008 计算机(也是 IIS 7.5)时,WCF 拒绝识别一个标头,特别是Security来自http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd.

客户端配置如下:

<basicHttpsBinding>
    <binding name="MyBinding" transferMode="Streamed" 
             maxReceivedMessageSize="4294967290" maxBufferSize="65536">
        <security mode="TransportWithMessageCredential" >
            <message clientCredentialType="UserName"/>
        </security>
    </binding>
</basicHttpsBinding>
...
<client>
    <endpoint address="https://myservice.com/MyService.svc"
        binding="basicHttpsBinding" bindingConfiguration="MyBinding"
        contract="Service.IMyService" name="MyServiceEndpoint" />
</client>

服务器配置非常相似,添加了密码验证信息:

<service name="Service.IMyService" behaviorConfiguration="MyBehavior">
    <endpoint binding="basicHttpsBinding" name="MyServiceEndpoint" 
              contract="Service.IMyService" bindingConfiguration="MyBinding" />
</service>
...
<basicHttpsBinding>
    <binding name="MyBinding" transferMode="Streamed" 
             maxReceivedMessageSize="4294967290"
             maxBufferSize="65536">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
</basicHttpsBinding>
...
<behavior name="MyBehavior">
    <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" 
                customUserNamePasswordValidatorType="Service.CredentialValidator, MyAssembly" />
        <serviceCertificate findValue="MyCert" storeLocation="LocalMachine" 
                storeName="My" x509FindType="FindBySubjectName" />
    </serviceCredentials>
  ...
</behavior>

正如预期的那样,客户端请求包含一个带有身份验证信息的标头:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken u:Id="uuid-d7168ad6-a829-49ae-9952-dd286ed2ba6d-7">
                <o:Username>username</o:Username>
                <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    ...
</s:Envelope>

在本地,标头是这样理解的:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        ...
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2013-07-19T17:28:00.631Z</u:Created>
                <u:Expires>2013-07-19T17:33:00.631Z</u:Expires>
            </u:Timestamp>
        </o:Security>
    </s:Header>
    ...
</s:Envelope>

但是在部署时,没有这样的运气:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
        <s:Fault>
            <faultcode>s:MustUnderstand</faultcode>
            <faultstring xml:lang="en-US">The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed.  This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process.  Please ensure that the configuration of the client's binding is consistent with the service's binding. </faultstring>
        </s:Fault>
    </s:Body>
</s:Envelope>

我已经完成了所有典型的 ASP.NET / WCF 设置步骤,包括修复和重新注册处理程序等等。还有什么需要考虑的可能会导致这两种环境之间的差异吗?

4

0 回答 0