[英]WCF self-hosted: http request forbidden for authentication scheme anonymous
Situation: 情况:
We installed a self-hosted WCF Service on a new Windows Server 2016 Machine (machine X). 我们在新的Windows Server 2016计算机(计算机X)上安装了自托管WCF服务。 This service makes a call to a Tibco BW webservice on a different Windows Server 2016 machine (machine Y).
此服务在另一台Windows Server 2016计算机(计算机Y)上调用Tibco BW Web服务。
When the WCF service is run with user A (part of built-in Adminstrators) all requests are processed successfully. 当WCF服务与用户A(内置管理员的一部分)一起运行时,所有请求都将得到成功处理。 When the service is run as user B (service user) we receive the following message: "http request forbidden for authentication scheme anonymous"
当服务以用户B(服务用户)的身份运行时,我们收到以下消息:“禁止匿名身份验证方案的HTTP请求”
Both services run under basicHtttpBinding. 两种服务都在basicHtttpBinding下运行。
We were able to do the same installation on a different windows server 2016 environment with different users sucessfully. 我们能够与不同的用户成功地在不同的Windows Server 2016环境中进行相同的安装。
Steps taken so far: 到目前为止已采取的步骤:
Our Speculation 我们的推测
We suspect that User B is missing somekind of privilege to make http requests like User A is able to do. 我们怀疑用户B缺少某种类似于用户A能够发出http请求的特权。
Questions 问题
Thank you 谢谢
We did a wireshark analysis and found out that there was still a policy in place that required the service account to redirect all traffic over a proxy server. 我们进行了wireshark分析,发现仍然有一项策略要求服务帐户重定向代理服务器上的所有流量。 This proxy most likley had no idea how to handle WCF traffic and all requests resulted in the error message we observed.
大多数likley都不知道该代理如何处理WCF流量,所有请求均导致我们观察到错误消息。
Once we altered the policy to allow prevent the service user from using the proxy, the requests went trough as expected and as observed with the other administrator users. 一旦我们更改了策略以允许阻止服务用户使用代理,请求就会按照预期并与其他管理员用户一起观察到。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.