1

我有一个使用远程服务器上托管的 WCF 服务的 WinForms 应用程序。当我运行应用程序时,它会运行并加载数据,但在运行 30 秒或更长时间后,它会显示以下内容MessageSecurityException

安全处理器无法在邮件中找到安全标头。这可能是因为消息是不安全的错误,或者是因为通信双方之间存在绑定不匹配。如果为安全配置了服务并且客户端未使用安全性,则可能会发生这种情况。

我的服务配置是:

<system.serviceModel>
    <!-- change -->
    <bindings>
      <customBinding>
        <binding name="Wrabind" closeTimeout="00:05:00" openTimeout="00:05:00" sendTimeout="00:25:00">
          <textMessageEncoding/>
          <security authenticationMode="SecureConversation" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
            <localClientSettings maxClockSkew="00:30:00" />
            <localServiceSettings maxClockSkew="00:30:00" />
            <secureConversationBootstrap messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
              <localClientSettings maxClockSkew="00:30:00" />
              <localServiceSettings maxClockSkew="00:30:00" />
            </secureConversationBootstrap>
          </security>
          <httpTransport maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000" allowCookies="true" maxBufferSize="20000000" keepAliveEnabled="false" />
        </binding>
      </customBinding>
    </bindings>
    <!-- change -->
    <services>
      <service behaviorConfiguration="WServiceCoreService.Service1Behavior" name="WServiceCoreService.Service1">
        <endpoint address="http://subdomain.domain.com/service1.svc" binding="customBinding" bindingConfiguration="Wrabind" contract="WServiceCoreService.IService1" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WServiceCoreService.Service1Behavior">
          <serviceThrottling
maxConcurrentCalls="200"
maxConcurrentSessions="200"
maxConcurrentInstances="200" />
          <!-- To avoid disclosing metadata information, set the value below to false before deployment -->
          <serviceMetadata httpGetEnabled="false" />

          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />

        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment>
      <baseAddressPrefixFilters>
        <add prefix="http://subdomain.domain.com/" />
      </baseAddressPrefixFilters>
    </serviceHostingEnvironment>


  </system.serviceModel>

我的 WinForms 客户端配置是:

<system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="CustomBinding_IService1"  maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000" allowCookies="true" closeTimeout="00:05:00" openTimeout="00:05:00" sendTimeout="00:25:00">
          <readerQuotas maxDepth="32" maxStringContentLength="5242880" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />

        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding"
        bindingConfiguration="CustomBinding_IService1" contract="WCoreService.IService1"
        name="CustomBinding_IService1">
        <identity>
          <userPrincipalName value="WIN-489ESBTC0A0\servewranglein_web" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>

我无法预测此配置有什么错误。请帮助我尽快解决这个问题。

更新:我正在使用 .NET 4.0

4

3 回答 3

1

请尝试在客户端将 enableUnsecuredResponse 设置为 true 并让我知道它是否有效。另请参阅此http://support.microsoft.com/kb/971493了解更多详细信息。

于 2013-10-03T12:56:17.107 回答
1

在我的情况下,在主机配置文件的 AudienceUris 标记中添加服务修复了相同异常的问题。

<system.identityModel>
...
    <identityConfiguration>
    ...
        <audienceUris>
            <add value="serviceName.svc" />
        </audienceUris>
    ...
    </identityConfiguration>
...
</system.identityModel>
于 2014-12-11T15:44:54.233 回答
1

试试这个(主机和客户端):

    <binding name="XXXXX">
      <security mode="None" >
        <transport clientCredentialType="None" />
        <message  establishSecurityContext="False" />
      </security>
    </binding>
于 2013-10-03T15:18:07.880 回答