从其托管服务器连接到WCF服务时出错
[英]Error connecting to WCF service from its hosting server
问题描述
This may be stupid/not possible. 
这可能是愚蠢的/不可能的。 However, what I am trying to achieve is as follows: 但是,我想要达到的目标如下:
- I have a VM hosting WCF web services in IIS 7 on Windows Server 2008 我有一个VM在Windows Server 2008的IIS 7中托管WCF Web服务
- I am using the basichttp binding 我正在使用basichttp绑定
- The client code runs perfectly on other machines 客户端代码可以在其他计算机上完美运行
- This server VM also needs to perform batch processing so I need to use the client access to these WCF services on it 此服务器VM还需要执行批处理,因此我需要使用对其上这些WCF服务的客户端访问权限
When run on the actual box hosting the WCF services I get...
在托管WCF服务的实际机器上运行时,我得到... System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'.
System.ServiceModel.Security.MessageSecurityException:使用客户端身份验证方案'Ntlm'的HTTP请求是未经授权的。 The authentication header received from the server was 'Negotiate,NTLM'. 从服务器收到的身份验证标头是“ Negotiate,NTLM”。 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.Net.WebException:远程服务器返回错误:(401)未经授权。 at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace --- 在System.Net.HttpWebRequest.GetResponse()在System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)-内部异常堆栈跟踪的结尾- Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory) at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) a
服务器堆栈跟踪:位于System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest请求,HttpWebResponse响应,HttpChannelFactory工厂,WebException)的System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest请求,HttpWebResponse响应,WebException responseException,HttpChannelFactory工厂)在System.ServiceModel.Channels.RequestChannel.Request(消息,TimeSpan超时)处在System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan超时),在System.ServiceModel.Dispatcher.RequestChannelBinder.Request(消息,TimeSpan) System.ServiceModel.Channels.ServiceChannel.Call(字符串操作,布尔型单向,ProxyOperationRuntime操作,在System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,ProxyOperationRuntime)处的Object [] ins,Object [] outs,TimeSpan超时)操作) t System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) t System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage消息) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
异常重新引发为[0]:System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&msgData,Int32类型)在System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg,IMessage retMsg)
What I am wondering is whether what I am attempting is actually possible - I see no reason why I shouldn't be able to connect to a service from the hosting machine but the specifics may prevent me - and if it is, what changes do I need to make to my settings to achieve it? 我想知道的是我实际上是否可以尝试-我认为没有理由为什么我不能从主机连接到服务,但具体细节可能阻止我-如果是的话,我应该进行哪些更改需要对我的设置进行设置吗?
The dll concerned sets up the binding as follows... 有关的dll设置绑定如下:
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
binding.TransferMode = TransferMode.Buffered;
binding.MaxBufferPoolSize = int.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.OpenTimeout = openTimeout;
binding.SendTimeout = sendTimeout;
binding.ReceiveTimeout = receiveTimeout;
binding.CloseTimeout = closeTimeout;
return binding;
Output of cscript authentication is... cscript身份验证的输出是...
NTAuthenticationProviders : (STRING) "Negotiate,NTLM"
The service is set to demand membership of a network group for which the user connecting is a member (PrincipalPermission). 该服务设置为要求用户连接的网络组的成员身份(PrincipalPermission)。
As indicated in the comments below, I have viewed the security event log and found that when the user (network account) connects as a client to the WCF service on the host machine there is an entry complaining that the account failed to logon - a Null SID is passed. 如下注释所示,我查看了安全事件日志,发现当用户(网络帐户)作为客户端连接到主机上的WCF服务时,会有一个条目抱怨该帐户登录失败-空SID已传递。
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: *<network account>*
Account Domain: *<account domain>*
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0x0
The question is, why is this happening? 问题是,为什么会这样?
1 个解决方案
解决方案1
1 2012-02-22 00:12:51
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.