
Client unable to authenticate when connecting to WCF service

I have a WCF service hosted in a Windows service. The application is an intranet app, and I have programmatically set the bindings on both the service and the client as:

NetTcpBinding aBinding = new NetTcpBinding(SecurityMode.Transport);
aBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
aBinding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;

Both the service and client have endpoints configured with SPNs:

EndpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateSpnIdentity("Service1"));

As far as I know, I have set up the bindings correctly -- and I am usually able to connect to the service just fine. I did however run into a case where, on a server running Windows Server 2003 R2, x64, SP2, I get the following exception immediately when the client tries to connect:

INNEREXCEPTION -- Exception Message:

InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials.

Stack Trace:

at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

I get the exception when I try to connect to the service from another machine in the domain, but if I connect to the service on the same machine running the service it works fine.

The hosting service itself is running as a domain user account -- but I have tried running the service as Local System and Network Service to no avail. I have checked the Local Security Policies for the server and didn't see anything amiss (i.e. 'Access this computer from the network' includes 'Everyone').

Anyone have an idea of what could resolve this?

I am wondering if I need to do something in Active Directory with respect to the service's SPN? I have read some about using setspn.exe to register or refresh SPNs, but I haven't needed to do this before. Why would this be working with other configurations but not the one above?

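Try running the service as an account with local administrator access - if you can't run the service with that broad a set of permissions, then I believe you'll need to use setspn.exe, as you've alluded to.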
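One way to check the SPN question raised above, as an added example that is not part of the original posts: the PowerShell below parses `setspn -L` output and reports whether the `Service1` SPN the client requests is registered to the account the service runs as. The account name `svc-app`, the domain in the distinguished name, and both sample outputs are constructed for illustration.

```powershell
# Added example. Kerberos issues the service ticket to whichever account holds
# the SPN, so the SPN the client asks for ("Service1" in the question) has to be
# registered on the service's logon account for remote callers to authenticate.

function Get-SpnFromSetspnList {
    param([string[]]$Lines)
    # "setspn -L <account>" prints one header line, then one indented SPN per line.
    $Lines | Where-Object { $_ -match '^\s+\S' } | ForEach-Object { $_.Trim() }
}

function Test-SpnRegistered {
    param([string]$Spn, [string[]]$SetspnOutput)
    $registered = @(Get-SpnFromSetspnList -Lines $SetspnOutput)
    # -contains compares case-insensitively, which matches how SPNs are compared.
    return ($registered -contains $Spn)
}

# Constructed sample: the service account has no SPN registered at all.
$noSpn = @(
    'Registered ServicePrincipalNames for CN=svc-app,CN=Users,DC=example,DC=local:'
)

# Constructed sample: the same account after the SPN has been registered on it.
$withSpn = @(
    'Registered ServicePrincipalNames for CN=svc-app,CN=Users,DC=example,DC=local:',
    "`tService1"
)

foreach ($case in @(@{ Name = 'before'; Output = $noSpn },
                    @{ Name = 'after';  Output = $withSpn })) {
    $ok = Test-SpnRegistered -Spn 'Service1' -SetspnOutput $case.Output
    '{0}: Service1 registered on svc-app = {1}' -f $case.Name, $ok
}

# Against a live domain, feed the real listing instead of the samples
# (svc-app is a placeholder for the service's logon account):
#   $live = setspn -L svc-app
#   Test-SpnRegistered -Spn 'Service1' -SetspnOutput $live
```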
