[英]The identity check failed for the outgoing message
We have a WCF Service that runs on a Domain Server. 我们有在域服务器上运行的WCF服务。 We have a couple a website (WCF Client) not on the domain and we use Username and password to authenticate.
我们有两个不在域中的网站(WCF客户端),我们使用用户名和密码进行身份验证。 And everything workes fine.
一切正常。
Some days when the Service app-pool recycles the website fails to connect and starts throwing lots of identity check failed error messages. 某些日子,当Service应用程序池回收时,网站无法连接,并开始抛出很多身份检查失败的错误消息。 (The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint )' for the 'http://xxx.com:8004/sts.svc/username' target endpoint.) But most days it works fine.
(预期的身份为'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possess属性: http : //schemas.xmlsoap.org/ws/2005/05/identity/claims/ 'http://xxx.com:8004/sts.svc/username'目标终结点的指纹 )。
What could be wrong and how to resolve this. 有什么问题以及如何解决。
** The clocks on the server and client are in sync. **服务器和客户端上的时钟同步。
thanks Ravi 谢谢拉维
Check the clocks on the servers and clients. 检查服务器和客户端上的时钟。 WS-Security fails if the clock skew between the client and server is greater than a threshold, 5 minutes by default.
如果客户机和服务器之间的时钟偏差大于阈值(默认值为5分钟),则WS-Security失败。
The automatic clock sync on Windows Server doesn't always do its job. Windows Server上的自动时钟同步并非总能完成。 Clients may not sync at all.
客户端可能根本不同步。 If everyone syncs to a reputable time source (NIST, for example), your problems may go away entirely.
如果每个人都同步到一个有信誉的时间源(例如NIST),则您的问题可能会完全消失。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.