所以我有一个带有netTcp绑定的WCF服务
<netTcpBinding>
<binding name="VpNetTcpBinding" portSharingEnabled="true" closeTimeout="00:02:00" openTimeout="00:02:00"
receiveTimeout="00:22:00" sendTimeout="00:24:00" maxReceivedMessageSize="131072" >
<reliableSession enabled="false" inactivityTimeout="00:50:00"/>
<security mode="Transport" >
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
和连接到所述服务的WPF客户端
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
我在两个不同的DEV环境中使用了这些设置。在一个我必须通过VPN连接与凭证连接到服务,所以我不得不冒充这些凭据(因为他们试图从另一个域传递本地凭据)服务不接受。
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("name", "password", "domain.local");
这对我来说只是必要的,因为其他人与服务在同一领域。
现在,当我在另一个位置设置相同的方式时,我总是会收到此错误
System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
我正在运行服务的同一台计算机上运行客户端,我正在进行远程处理,但假设该服务正在获取我所关注的凭据。我尝试以与以前相同的方式冒充这些凭据,但没有运气。
由于配置与以前的成功尝试基本相同,我假设这是其他一些困扰我的设置。
问题是我不知道Windows身份验证的工作原理。所以这里有一些我想建议的事情,可能会出现问题而不知道或问题我需要回答以帮助我解决这个问题。
1)当我设置这种安全模式时,我要求的是什么。据我了解,我只是询问服务器是否可以验证我的凭据是否确实存在并且是否受域信任。我没有对此域的完全权限,但我不是要求成为配置中任何组的一部分。这只是身份验证权限,而不是授权?
2)我从我自己的域中传递我自己的凭据,我怀疑是这种情况,因为我在远程内部运行客户端,我也尝试手动输入凭据信息(模仿)
3)当地政策中的一些设定。我已经设置了“从网络访问此计算机”到经过身份验证的用户。
4)HTTP WCF激活可能已关闭,但它无关紧要,因为这是一个netTcp绑定并且已打开。
任何人都有一个有根据的猜测,实际上可能是什么问题。可悲的是,WCF绑定配置不是我的强项,所以我可能会犯一些非常基本的错误,所以假设最坏的情况。
修改
这是一些堆栈跟踪。似乎没有帮助
10/14/2013 12:26:44
ErrorHandler
System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
--- End of inner exception stack trace ---
at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
at System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorBase.AcceptUpgrade(Stream stream)
at System.ServiceModel.Channels.InitialServerConnectionReader.UpgradeConnection(IConnection connection, StreamUpgradeAcceptor upgradeAcceptor, IDefaultCommunicationTimeouts defaultTimeouts)
at System.ServiceModel.Channels.ServerSessionPreambleConnectionReader.ServerFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()
10/14/2013 12:26:44
ErrorHandler-Message
The server has rejected the client credentials.
10/14/2013 12:26:44
ErrorHandler-InnerException
System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
--- End of inner exception stack trace ---
at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
解决方案
出于某种原因,我无法解释在同一台计算机上运行客户端,因为WCF服务正在弄乱它。如果从其他地方跑出来,它的工作正常。
答案 0 :(得分:1)
我通常会检查3件事:
如果IIS安装了身份验证模式。在这种情况下,请检查Windows功能并检查是否已安装Windows身份验证。检查iis setup。然后在IIS身份验证窗口中为您的服务启用此身份验证模式。
NTFS权限。 IIS检查客户端凭据是否对您访问的文件夹/文件有效。它是IIS的最后一道防线。
客户端的凭据。在你的情况下看起来很好
您在跟踪上没有任何内容的事实可能是因为它在传递给您的服务之前被IIS拒绝。
尝试使用宽带VS 2012的WCF配置工具。避免许多错误。
希望有所帮助。