stackoom
  简体   繁体   中英

IIS 7 hosted WCF service using domain account for app pool identity

 原文  2011-03-16 14:20:06       wcf/ iis-7

Question

I am trying to do something which I think should be very simple, but I am not having any luck at all. I have a simple Hello World WCF service that I am hosting in IIS 7. The service works fine using the default app pool. However, when I create a new app pool and have that app pool run using a domain account I get an error when calling the service. I am certain I need to make config changes, however I don't know what they are. The error I get is

"Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/ep2t-ifs01'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server."

Security of this type is not something I am very knowledgeable about so no suggestion is too simple. ANY help at this point will be greatly appreciated. Here is relevant section from my web.config file:

2 answers

solution1
 3  2011-03-17 20:19:08

This issue is quite tricky. Here is a list of resources (in that particular order) you can check to understand the issue:

At the end, you will probably need to create a SPN for your domain account that is linked to the server you are deploying to. This requires domain administrator privileges. More info here

solution2
 0  2011-03-16 15:11:20

For some reason my web.config section didn't get saved... 

<system.serviceModel>
<behaviors>
  <serviceBehaviors>
    <behavior name="basicServiceBehavior">
      <serviceMetadata httpGetEnabled="True" />
      <serviceDebug includeExceptionDetailInFaults="False" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<services>
  <service name="WebSyncPrototypeMVCApp.Service1" behaviorConfiguration="basicServiceBehavior">
    <endpoint address="" binding="wsHttpBinding" contract="WebSyncPrototypeMVCApp.IService1" />
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Impersonate WCF service to run under a specific Domain Account(Hosted on IIS) Identity Check Issues in IIS Hosted WCF Service IIS hosted WCF throws exception when running under domain account App domain when service hosted in IIS WCF Service running under app pool impersonating domain user account prints to network printer for one domain account but not another Using IdentityServer tokens in IIS hosted WCF service IIS WCF Service shuts down with domain user identity The lifecycle of WCF service hosted in IIS WCF Service hosted on IIS is not working ServiceActivationException for WCF service hosted on IIS 7
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM