
问题一:有没有办法让setspn.exe在不需要重启电脑的情况下生效?

问题 2:我设置了 SPN,并在服务器上运行了我的 WCF 服务。客户端使用 Kerberos 进行连接;随后我更改了客户端的 identity 元素并再次尝试,发现它改用了 NTLM 而不是 Kerberos,这一点没有问题。

当我更改 WCF 服务配置文件中的 SPN 并重新运行服务(不更改已注册的 SPN)时,我发现客户端使用的是 Kerberos 身份验证。为什么更改 WCF 服务的 identity 元素没有任何效果?怎么会这样?

注意:我使用 Fiddler 来检查所采用的身份验证方式。

服务器端配置文件:

<?xml version="1.0" encoding="utf-8" ?>
<!-- Server-side configuration for the WCF service WcfServiceLibrary1.Service1:
     one wsHttpBinding endpoint over HTTPS that asks callers for Windows
     credentials, plus a metadata exchange (mex) endpoint.
     FQDN and PORT are placeholders left in place by the author. -->
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <!-- debug="true" is a development setting.
         NOTE(review): switch it off for anything deployed beyond a test machine. -->
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfServiceLibrary1.Service1">
        <host>
          <baseAddresses>
            <add baseAddress = "https://FQDN:PORT/TESTSVC/" />
          </baseAddresses>
        </host>
        <!-- Service Endpoints -->
        <!-- Unless fully qualified, address is relative to base address supplied above -->
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
          <!-- Identity this endpoint declares for itself. The question on this page
               reports that editing this value, without changing the SPN registered
               with setspn, did not change the client's use of Kerberos.
               NOTE(review): presumably this value is only advertised to clients through
               the endpoint metadata, and the SPN used for the Kerberos ticket request
               comes from the client configuration; confirm against the WCF
               service identity documentation. -->
          <identity>
            <servicePrincipalName value="svc1/FQDN:PORT" />
          </identity>
        </endpoint>
        <!-- Metadata exchange endpoint served over HTTPS. -->
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="service_binding">
          <!-- Transport security: the channel is protected by HTTPS and the caller
               authenticates at the HTTP layer with Windows credentials. -->
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <!-- Unnamed behavior: no name attribute is given. -->
        <behavior>
          <!-- Service metadata is retrievable over HTTPS GET.
               NOTE(review): check whether metadata (this setting and the mex endpoint)
               needs to stay reachable outside development. -->
          <serviceMetadata httpsGetEnabled="True"/>
          <!-- Exception details are kept out of the faults returned to clients. -->
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

客户端配置文件:

<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side configuration: a single wsHttpBinding endpoint that calls the
     service at https://FQDN:PORT/TESTSVC/ with transport (HTTPS) security. -->
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService1">
                    <!-- Only the security mode is set; there is no transport element, so the
                         client credential type is whatever wsHttpBinding defaults to.
                         NOTE(review): presumably Windows, since the server binding on this
                         page requires it; stating it explicitly would make that visible. -->
                    <security mode="Transport" />
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <!-- The identity below is the SPN the client expects the service to run under.
                 It does not match the svc1/FQDN:PORT value in the server configuration on
                 this page; the question reports that after the client identity was changed
                 the connection authenticated with NTLM instead of Kerberos.
                 NOTE(review): an NTLM fallback gives up Kerberos mutual authentication of
                 the service, so an unexpected NTLM logon from this client is worth
                 treating as a sign of an SPN mismatch.
                 NOTE(review): unlike the FQDN:PORT placeholders used elsewhere, this value
                 looks like a real internal host name and port; redact it before sharing. -->
            <endpoint address="https://FQDN:PORT/TESTSVC/"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
                <identity>
                    <servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>