我的WCF服务使用wsHttpBinding,当客户端使用默认选项对服务进行gerenated时,客户端可以正常工作,如下所示:
RServiceClient R = new RServiceClient();
但是,在某些时候我需要能够指定服务的位置,可能是通过更改端点地址,如下所示:
RServiceClient R = new RServiceClient();
R.Endpoint.Address = new EndpointAddress(new Uri "http://xxx.xxxx.xxx:80/RServer/RService.svc"));
但是,当我确实指定了确切的端点时,我得到一个SecurityNegotiationException: System.ServiceModel.Security.SecurityNegotiationException未处理 Message =“呼叫者未通过服务进行身份验证。” 源= “mscorlib程序” ....
WCF服务在IIS上运行,并在IIS管理员下启用了匿名访问。此外,当客户端从与管理员帐户下的服务相同的计算机运行时,会发生此错误 - 我还没有完成通过网络运行它的可怕部分!
任何想法?
答案 0 :(得分:8)
默认情况下,wsHttpBinding使用Windows身份验证。我不确定IIS中的托管如何影响该场景。
如果您不想打开安全性,可以添加一个安全元素,并将模式元素设置为“无”到两端的配置以关闭默认设置。
我认为这可能有用 - 我已经为wsHttpBinding添加了部分,并将服务的bindingConfiguration设置为指向新添加的绑定属性:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBind">
<security mode="None">
<transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
<message clientCredentialType="None" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior"
name="RService">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="wsHttpBind"
name="RService"
contract="IRService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexHttpBinding"
name="MetadataExchange"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
答案 1 :(得分:3)
从您的配置中检查:
...
<identity>
<dns value="localhost" />
</identity>
...
afaik wsHttpBinding默认情况下邮件安全性已开启。 当它检查dns值“localhost”时,它会失败。
答案 2 :(得分:0)
您是否将MessageSecurity与证书一起使用?这可能是证书问题(错误的主机名,未安装的自签名证书等)。
答案 3 :(得分:0)
这是我的服务配置信息,我正在使用wshttpbinding:
<system.serviceModel>
<services>
<service behaviorConfiguration="ServiceBehavior" name="RService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
name="RService" contract="IRService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" name="MetadataExchange"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
答案 4 :(得分:0)
删除身份块不起作用,虽然确实给了我一个想法: 如果我更改端点地址:
R.Endpoint.Address = new EndpointAddress(new Uri("http://bigpuss.homeip.net/RServer/RService.svc"));
到
R.Endpoint.Address = new EndpointAddress(new Uri("http://localhost/RServer/RService.svc"));
然后一切正常! Soo,它显然对非本地URL地址感到不满。配置中是否还有其他区域设置了安全性?