我搜索了这个错误,没有找到正确的答案.. 2 个月前我在做 MVC -> WCF 通信。它起作用了,然后我注释掉了 PrincipalPermission 属性以使其在 localhost(VS IIS Express)上工作。
重新启用后,我收到错误“请求主体权限失败”。我想我的小组是错误的。
WCF 方面:
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[PrincipalPermission(SecurityAction.Demand, Role = "Test_Group")]
public class TestService : ITestService
{
public int Test()
{
return 0;
}
}
客户端:
public async Task<ActionResult> Test()
{
Services.TestClientService testClient = new Services.TestClientService();
testClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
testClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
try
{
int response = await testClient.TestAsync();
}
catch(Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
}
return View();
}
WCF 网络配置:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="authBehavior">
<!-- serviceAuthorizationManagerType="MyProject.Common.RoleAuthorizationManager, MyProject" -->
<serviceAuthorization principalPermissionMode="UseWindowsGroups">
<authorizationPolicies>
<add policyType="MyProject.Common.AuthorizationPolicy, MyProject" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyProject.Common.IdentityValidator, MyProject" />
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="svcBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="MyProject.TestService" behaviorConfiguration="authBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="MyProject.ITestService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<!-- <protocolMapping>
<add binding="wsDualHttpBinding" scheme="https" />
</protocolMapping>-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
客户端网络配置:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<customInspector />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding" />
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="customInspector" type="MyMVC.Services.WCF.Behavior, MyMVC" />
</behaviorExtensions>
</extensions>
<client>
<endpoint address="http://localhost:9999/TestService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
contract="MyMVC.Services.ITestService" name="wsHttpEndpointBinding_ITestService" />
</client>
我无法访问 WCF AuthorizationPolicy.cs 来检查 Thread.CurrentPrincipal 是否已设置。
知道如何调试出了什么问题吗?我认为这是 Windows 中 Test_Group 的问题。WCF 和 MVC 在 IIS 中运行。MVC 在属于 Test_Group 的 IIS APPPOOL\MVC 下运行。
感谢帮助。