只能远程访问WCF工作流服务端点

时间:2016-03-16 16:27:42

标签: c# wcf iis workflow-foundation

我正在Windows Server 2008 R2 Standard上托管工作流服务。我通过在同一服务器上运行的Windows服务/ topshelf启用的控制台应用程序访问它。问题是,我无法在本地(来自同一服务器)访问端点,但可以从任何其他服务器访问它(使用完全相同的服务帐户,相同的域)。

我的客户端(Windows服务)绑定如下所示:

<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BindingIBeginNewRequestAdded">
                    <security mode="Transport">
                        <transport clientCredentialType="Windows"/>
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://WorkFlowServerTest.corp.gdg/NewAccountRequestWorkflow.xamlx" binding="basicHttpBinding"
                bindingConfiguration="BindingIBeginNewRequestAdded" contract="NewAccountRequest.IBeginNewRequestAdded" name="BindingIBeginNewRequestAdded"/>
        </client>
    </system.serviceModel>

WorkFlow服务绑定如下所示:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="HTTPSBindingConfiguration">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
        <binding name="MEXHTTPSBindingConfiguration">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="HTTPSBehavior" name="NewAccountRequestWorkflow">
        <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MEXHTTPSBindingConfiguration" contract="IMetadataExchange" />
        <endpoint binding="basicHttpBinding" bindingConfiguration="HTTPSBindingConfiguration" name="SecureTransportNoCredentialsEndpoint6" contract="IBeginNewRequestAdded" />
      </service>
    </services>

C#/ Windows服务代码:

NewAccountRequest.BeginNewRequestAddedClient _ws = new NewAccountRequest.BeginNewRequestAddedClient();
_ws.BeginNewRequestAdded(_newRequest.RequestID);

错误:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
   at WinSvc.DailySales.NewAccountRequest.BeginNewRequestAddedClient.WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
   at WinSvc.DailySales.Classes.DailySalesExceptionHandler.CallGPAccountSubmitService()

所以我意识到了这一点:https://support.microsoft.com/en-us/kb/896861

并且已经将BackConnectionHostNames:WorkFlowServerTest.corp.gdg添加到HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ MSV1_0。

我已尝试绑定中的客户端和服务器clientCredentialType和安全模式设置的每种组合。丢失...

1 个答案:

答案 0 :(得分:0)

答案是注册表设置:HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ MSV1_0 \ BackConnectionHostNames

......不正确!

所以,我试着将它指向我的WorkFlowServerTest.corp.gdg DNS。但是,DNS只不过是指向该服务器的FQDN之一的CName。分辨率:

Ping该CNAME / DNS名称以获取IP地址。 NSLOOKUP即IP获取FQDN。将注册表项设置为FQDN并进行修复。固定!