0

这些场景各自发挥作用。当我把它放在一起时,它就坏了。

我有一个使用 netTCP 的 WCF 服务,它使用模拟来获取呼叫者 ID(将在此级别使用基于角色的安全性)

最重要的是使用带有 TransportCredientialOnly 的 basicHTTP 的 WCF 服务,它也使用模拟

然后我有一个连接到 basicHttp 的客户端前端。

游戏的目的是从底部的 netTCP 服务返回客户端用户名 - 所以最后我可以在这里使用基于角色的安全性。

每个服务都在不同的机器上-当您在本地和远程运行客户端时,当您删除它们对其他服务的任何调用时,每个服务都可以工作。IE 问题仅在您跨越多个机器边界时才会出现。

即,当我将每个部分连接在一起时,设置会中断 - 但它们本身可以正常工作。

我还指定

方法中的 [OperationBehavior(Impersonation = ImpersonationOption.Required)] 和

将 IIS 设置为仅允许 Windows 身份验证(实际上我仍然启用了 ananymous,但禁用没有区别)

这种模拟在我在机器 A 上有一个 netTCP 服务的情况下工作得很好我收到以下错误:

例外是“套接字连接已中止。这可能是由于处理您的消息时出错或远程主机超出接收超时,或者是潜在的网络资源问题造成的。本地套接字超时为“00:10:00”,内部消息为“现有连接被远程主机强制关闭”

我开始认为这更像是一个网络问题而不是配置......但后来我抓住了稻草......

配置文件如下(从客户端到 netTCP 层)

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00"
                    openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00"
                    allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc"
                binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint"
                contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint" 
 behaviorConfiguration="ImpersonationBehaviour" />
        </client>
  <behaviors>
   <endpointBehaviors>
    <behavior name="ImpersonationBehaviour">
     <clientCredentials>
      <windows allowedImpersonationLevel="Impersonation"/>
     </clientCredentials>
    </behavior>
   </endpointBehaviors>
  </behaviors>
    </system.serviceModel>
</configuration>

客户端的服务(basicHttp 服务和 netTCP 服务的客户端)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="netTcpBindingEndpoint" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
          hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
          maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
            enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
  <basicHttpBinding>
   <binding name="basicHttpWindows">
    <security mode="TransportCredentialOnly">
     <transport clientCredentialType="Windows"></transport>
    </security>
   </binding>
  </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc"
    binding="netTcpBinding" 
    bindingConfiguration="netTcpBindingEndpoint"
    contract="ServiceReference1.IService1" 
    name="netTcpBindingEndpoint"
    behaviorConfiguration="ImpersonationBehaviour">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
    <behaviors>
  <endpointBehaviors>
   <behavior name="ImpersonationBehaviour">
    <clientCredentials>
     <windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/>
    </clientCredentials>
   </behavior>
  </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
   <services>
    <service name="WCFTopWindowsTest.Service1"
       behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour">
     <endpoint address=""
      binding="basicHttpBinding"
      bindingConfiguration="basicHttpWindows"
      name ="basicHttpBindingEndpoint"
      contract ="WCFTopWindowsTest.IService1">

     </endpoint>      
   </service>       
   </services>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
        <directoryBrowse enabled="true" />
  </system.webServer>

</configuration>

最后是 netTCP 层的服务

<?xml version="1.0" encoding="UTF-8"?>
<configuration>

  <system.web>
   <authentication mode="Windows"></authentication>
   <authorization>
    <allow roles="*"/>
   </authorization>
    <compilation debug="true" targetFramework="4.0" />
        <identity impersonate="true" />
  </system.web>
  <system.serviceModel>
   <bindings>
    <netTcpBinding>
     <binding name="netTCPwindows">
      <security mode="Transport">
       <transport clientCredentialType="Windows"></transport>
      </security>
     </binding>
    </netTcpBinding>
   </bindings>
   <services>
    <service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1">
     <endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1">
      <identity>
       <dns value="localhost" />
      </identity>
     </endpoint>  
     <endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/>
     <host>
      <baseAddresses>     
       <add baseAddress="net.tcp://localhost:8721/test2" />
      </baseAddresses>
     </host>
    </service>       
   </services>   
    <behaviors>  
      <serviceBehaviors>
        <behavior name="netTCPwindows.netTCPwindowsBehaviour">  

          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="false" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
        <directoryBrowse enabled="true" />
  </system.webServer>

</configuration>
4

1 回答 1

2

如果您需要进行多于一跳,则需要为此启用委派。您可以在此处获得更多信息。

话虽如此,如果您需要做的只是确定调用后端服务 (netTcp) 的用户的角色,则不一定需要模拟,因为 WindowsIdentity 的 TokenImpersonationLevel 只需要是 Information 即可确定角色会员资格。在这种情况下,您只需要确保模拟发生在中间层 (basicHttp)。

于 2010-05-04T16:44:49.280 回答