服务器已拒绝客户端凭据,WCF作为Windows服务

时间:2012-01-09 13:47:35

标签: c# winforms wcf windows-services net.tcp

我可以使用Win-form应用程序连接到我的WCF服务,但是我无法使用我的Windows服务。每当我向代理触发open()时,它都会抛出以下错误

  

服务器已拒绝客户端凭据

     

内部异常:System.Security.Authentication.InvalidCredentialException:服务器   拒绝了客户凭证   ---> System.ComponentModel.Win32Exception:登录尝试失败
  ---内部异常堆栈跟踪结束---
  在System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult   lazyResult)
  在System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential   凭证,ChannelBinding绑定,String targetName,ProtectionLevel   requiredProtectionLevel,TokenImpersonationLevel   allowedImpersonationLevel)
  在System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential   凭证,String targetName,ProtectionLevel   requiredProtectionLevel,TokenImpersonationLevel   allowedImpersonationLevel)
  在System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream   stream,SecurityMessageProperty& remoteSecurity)

尝试寻找解决方案,但没有符合我的要求,因此发布了。

请帮忙......

更新1:

@ A.R。,尝试使用

client.ClientCredentials.Windows.AllowedImpersonationLevel =
    System.Security.Principal.TokenImpersonationLevel.Impersonation;

但无济于事。

更新2:

WCF服务配置

<system.serviceModel>
    <diagnostics performanceCounters="All" />
    <bindings>
      <netTcpBinding>
        <binding name="myBindingForLargeData" maxReceivedMessageSize="5242880" maxConnections="10">
          <readerQuotas maxDepth="64" maxStringContentLength="5242880" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
        </binding>
      </netTcpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WCFService.ServiceBehavior"
        name="WCFService.CollectorService">
        <endpoint address="" binding="netTcpBinding" bindingConfiguration="myBindingForLargeData"
          name="netTcpEndPoint" contract="WCFService.ICollectorService" />
        <endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
          name="mexTcpEndPoint" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://localhost:8010/WCFService.CollectorService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFService.ServiceBehavior">
          <serviceMetadata httpGetEnabled="False"/>
          <serviceDebug includeExceptionDetailInFaults="True" />
          <serviceThrottling
          maxConcurrentCalls="32"
          maxConcurrentSessions="32"
          maxConcurrentInstances="32"
           />
        </behavior>
      </serviceBehaviors>
    </behaviors>
</system.serviceModel>

4 个答案:

答案 0 :(得分:6)

感谢您的帮助。经过几天的一些研究和试验n错误方法后我得到了答案:)我知道我发布答案的时间已经很晚了,但我认为它迟到总比没有好。

所以这是解决方案

我必须对配置文件(客户端和服务器)进行一些更改

在客户端,我添加了<security>标记,如下所示

  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="netTcpEndPoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="5242880" maxBufferSize="5242880" maxConnections="15" maxReceivedMessageSize="5242880">
          <readerQuotas maxDepth="32" maxStringContentLength="5242880" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
         <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://xx.xx.xx.xx:8010/WCFService.CollectorService/" binding="netTcpBinding" bindingConfiguration="netTcpEndPoint" contract="CloudAdapter.CloudCollectorService.ICollectorService" name="netTcpEndPoint">
      </endpoint>
    </client>
  </system.serviceModel>

并在服务器端添加了相同的标记(WCF服务配置),如下所示

<bindings>
  <netTcpBinding>
    <binding name="myBindingForLargeData" maxReceivedMessageSize="5242880" maxConnections="10">
      <readerQuotas maxDepth="64" maxStringContentLength="5242880" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
         <security mode="Transport">
        <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>

希望这能帮助有需要的人:)

所以KEY是使<security>标签在客户端和服务器配置文件上相同。

答案 1 :(得分:4)

基本上发生的事情是您的呼叫服务没有适当的凭据,就像从WinForms调用时所拥有的那样。你需要的是一些冒充。它需要一些设置,并且有点烦人,但它会起作用。

幸运的是,MSDN有一个很好的小练习 http://msdn.microsoft.com/en-us/library/ms731090.aspx

这里有一些关于这个主题的更一般的信息:
http://msdn.microsoft.com/en-us/library/ms730088.aspx

<强>更新
设置模拟标志是不够的。您必须实际模拟凭据才能使其正常工作。例如:

  // Let's assume that this code is run inside of the calling service.
  var winIdentity = ServiceSecurityContext.Current.WindowsIdentity;
  using (var impContext = winIdentity.Impersonate())
  {
    // So this would be the service call that is failing otherwise.
    return MyService.MyServiceCall();
  }

答案 2 :(得分:2)

在这篇文章The server has rejected the client credentials上查看我的答案。

请注意安全节点。 

<bindings>
  <netTcpBinding>
    <binding name="customTcpBinding" maxReceivedMessageSize="20480000" transferMode="Streamed" >
      <security mode="None"></security>
    </binding>
  </netTcpBinding>
</bindings>

答案 3 :(得分:1)

您在WCF服务上使用的身份验证模式是什么?似乎winform应用程序正在运行并提供正确的凭据,而您的Windows服务未使用指定的权限运行或传递的凭据无效。尝试使用Fiddler检查您的请求,当您使用winforms vs Windwos服务时,请查看差异。

相关问题
最新问题