1

所以我有一个带有 netTcp 绑定的 WCF 服务

<netTcpBinding>
    <binding name="VpNetTcpBinding" portSharingEnabled="true"  closeTimeout="00:02:00" openTimeout="00:02:00"
             receiveTimeout="00:22:00" sendTimeout="00:24:00" maxReceivedMessageSize="131072" >
      <reliableSession enabled="false" inactivityTimeout="00:50:00"/>
      <security mode="Transport"  >
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>

和连接到所述服务的 WPF 客户端

<security mode="Transport">
        <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
        <message clientCredentialType="Windows" />
      </security>

我在两个不同的 DEV 环境中使用了这些设置。在一个中,我必须通过带有凭据的 VPN 连接连接到服务,因此我不得不模拟这些凭据(因为他们试图从另一个域传递本地凭据)服务不会接受。

client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("name", "password", "domain.local");

这对我来说只是必要的,因为其他人与服务在同一个域中。

现在,当我在另一个位置以相同的方式设置时,我总是会收到此错误

System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed

我在服务运行的同一台计算机上运行客户端,我正在远程处理但假设服务正在获取我远程访问的凭据。我试图以与以前相同的方式冒充这些凭据,但没有运气。

由于配置与之前的成功尝试基本相同,我假设这里有其他一些设置让我感到困扰。

问题是我不知道 Windows 身份验证是如何工作的。因此,这里有一些我想在不知道的情况下建议可能存在的问题,或者我需要回答的问题来帮助我解决这个问题。

1)当我设置这种安全模式时,我在问什么。据我了解,我只是在询问服务器他是否可以验证我的凭据确实存在并且受到域的信任。我对此域没有完全权限,但我不要求加入配置中的任何组。这只是认证权,不是授权?

2)我从我自己的域传递我自己的凭据,我怀疑是这种情况,因为我是从远程运行客户端并且我还尝试手动输入凭据信息(模拟)。

3) 本地政策中的一些设置。我已经将“从网络访问这台计算机”设置为经过身份验证的用户。

4) HTTP WCF 激活可能已关闭,但这并不重要,因为这是一个 netTcp 绑定并且已打开。

任何人都有一个有根据的猜测实际上可能是什么问题。遗憾的是,WCF 绑定配置不是我的强项,所以我可能会犯一些非常基本的错误,所以假设最坏的情况。

编辑

这是一些堆栈跟踪。似乎没有帮助

10/14/2013 12:26:44 
ErrorHandler
System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
   --- End of inner exception stack trace ---
   at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   at System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorBase.AcceptUpgrade(Stream stream)
   at System.ServiceModel.Channels.InitialServerConnectionReader.UpgradeConnection(IConnection connection, StreamUpgradeAcceptor upgradeAcceptor, IDefaultCommunicationTimeouts defaultTimeouts)
   at System.ServiceModel.Channels.ServerSessionPreambleConnectionReader.ServerFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()

10/14/2013 12:26:44 
ErrorHandler-Message
The server has rejected the client credentials.

10/14/2013 12:26:44 
ErrorHandler-InnerException
System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
   --- End of inner exception stack trace ---
   at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
   at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

解决方案

出于某种原因,我无法解释在 WCF 服务弄乱它的同一台计算机上运行客户端。如果从其他地方运行,它工作得很好。

4

1 回答 1

1

我通常会检查三件事:

  • 如果 IIS 安装了身份验证模式。在这种情况下,请检查 Windows 功能并检查是否安装了 Windows 身份验证。检查iis 设置。然后在 IIS 身份验证窗口中为您的服务启用此身份验证模式。

  • NTFS 权限。IIS 检查客户端凭据在您访问的文件夹/文件上是否有效。它是 IIS 的最后一道防线。

  • 客户端的凭据。在你的情况下看起来不错

您在跟踪上没有任何内容的事实可能是因为它在传递给您的服务之前被 IIS 拒绝。

尝试使用WCF配置工具,宽度VS 2012自带的。避免很多错误。

希望它有所帮助。

于 2013-10-16T20:17:40.260 回答