我正在构建一个 ASP.NET 核心WebApi应用程序,该应用程序将成为在Windows机器上运行的WCF服务应用程序的客户端。这是我的服务客户端类:
public class VITServicesClient : ServicesClient, IDisposable
{
static SpnEndpointIdentity spn = new SpnEndpointIdentity("BtaIntercardSPN");
static EndpointIdentity endPointIdent = (spn as EndpointIdentity);
static readonly NetTcpBinding binding;
public static string Address { get; set; }
private static AddressHeader addressHeader1 = AddressHeader.CreateAddressHeader("specialservice1", "http://localhost:8000/service", 1);
private static AddressHeader addressHeader2 = AddressHeader.CreateAddressHeader("specialservice2", "http://localhost:8000/service", 2);
private static AddressHeader[] addressHeaders = new AddressHeader[2] { addressHeader1, addressHeader2 };
static VITServicesClient()
{
binding = new NetTcpBinding(SecurityMode.Transport);
binding.Name = "NetTcpBinding";
TcpTransportSecurity transportSecurity = new TcpTransportSecurity();
transportSecurity.SslProtocols = SslProtocols.Tls12;
transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport = transportSecurity;
binding.SendTimeout = new TimeSpan(0, 3, 0);
binding.MaxReceivedMessageSize = 1024 * 1024 * 100; //100MB max message size
}
public VITServicesClient() : base (binding, new EndpointAddress(new Uri(Address+":31716/IServices"), endPointIdent, addressHeaders))
{
}
public void Dispose()
{
}
}
这是执行 wcf 服务方法的 Web 控制器:
public async Task<string> GetDocumentByCountryCode(string countryCode)
{
try
{
VITServicesClient.Address = "net.tcp://10.64.4.61";
using (var service = new VITServicesClient())
{
var result = await service.GetDocumentSamplesByCountryCodeAsync(countryCode.ToString(), 1);
return (result as DocumentSamplesData[])[0].document_code;
}
}
catch (Exception ex)
{
return "failed " + ex.Message + ex.InnerException.InnerException.Message;
}
}
当我在 Windows 下运行客户端应用程序时,没有问题,但是当我在 Ubuntu 16.04 上部署应用程序并运行它时,当它尝试连接到 Windows 计算机上的 WCF 服务时,我收到该异常 - 对 SSPI 的调用失败,请参阅内部异常。GSSAPI 操作失败并显示错误 - 提供了无效的状态代码(SPNEGO 找不到协商机制(
我搜索了这个问题,Windows中的kerberos身份验证一定存在一些问题。 问题可能出在我在代码中使用的配置中,或者 Ubuntu 中可能存在必须更改的选项。
您必须在 Linux 上安装 gss-ntlmssp 来解决此问题,请使用以下命令
sudo apt-getupdate && apt-get install -y --no-install-recommendation gss-ntlmssp
sudo apt-get update && sudo apt-get install -y --no-install-recommends gss-ntlmssp
在"&&"之后需要第二个"sudo",以防止@fkucuk错误。