我有一个自托管服务,它包含一个使用NetTcpBinding和消息级安全性的端点(Basic128)。
可以从位于同一台计算机上的客户端成功添加和访问此服务
但是,如果我在远程计算机(通过本地网络)构建客户端,我可以成功添加服务引用,但是当我尝试运行它时,我收到 SecurityNegotiationException ,说" 来电者未经过服务验证"
它可能是什么?
这是服务的服务模型:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="metadataSupport">
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="ProductsServiceTcpBindingConfig">
<security mode="Message">
<message algorithmSuite="Basic128" />
</security>
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="metadataSupport" name="Products.ProductsServiceImpl">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="ProductsServiceTcpBindingConfig"
name="NetTcp_IProductsService" contract="Products.IProductsService" />
<endpoint address="mex" binding="mexTcpBinding" name="MetaDataTcpEndpoint"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8080/Service" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
这是远程客户端的服务模型
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcp_IProductsService">
<security mode="Message">
<message algorithmSuite="Basic128" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://RemoteServer:8080/Service" binding="netTcpBinding"
bindingConfiguration="NetTcp_IProductsService" contract="ProductsService.IProductsService"
name="NetTcp_IProductsService">
<identity>
<userPrincipalName value="RemoteServer\Rafael" />
</identity>
</endpoint>
</client>
</system.serviceModel>
答案 0 :(得分:0)
您是否尝试过使用spnIdentity?有一种方法可以用虚拟身份来做到这一点。 http://blogs.msdn.com/b/tiche/archive/2011/07/13/wcf-on-intranet-with-windows-authentication-kerberos-or-ntlm-part-1.aspx
还要确保端口8080已打开。