所以我有一个带有netTcp绑定的WCF服务
<netTcpBinding>
<binding name="VpNetTcpBinding" portSharingEnabled="true" closeTimeout="00:02:00" openTimeout="00:02:00"
receiveTimeout="00:22:00" sendTimeout="00:24:00" maxReceivedMessageSize="131072" >
<reliableSession enabled="false" inactivityTimeout="00:50:00"/>
<security mode="Transport" >
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
以及连接到所述服务的 WPF 客户端
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
我在两个不同的 DEV 环境中使用了这些设置。在一个中,我必须使用凭据通过 VPN 连接连接到服务,因此我必须模拟这些凭据(因为它们尝试从另一个域传递本地凭据(,该服务不会接受。
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("name", "password", "domain.local");
这对我这个开发者来说只是必要的,因为其他人与服务位于同一域上。
现在,当我在另一个位置以相同的方式设置时,我总是收到此错误
System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
我在运行服务的同一台计算机上运行客户端,我正在远程处理,但假设该服务正在获取我远程控制的凭据。我试图以与以前相同的方式冒充这些凭据,但没有运气。
由于配置与以前的成功尝试基本相同,因此我假设是这里的其他设置困扰着我。
问题是我不知道Windows身份验证的工作原理。因此,我想提出一些我不知道的可能问题或我需要回答的问题来帮助我解决这个问题的一些事情。
1(当我设置此安全模式时,我准确地问了什么。据我了解,我只是问服务器是否可以验证我的凭据是否确实存在并且受域信任。我没有此域的完全权限,但我没有请求成为配置中任何组的一部分。这只是身份验证,而不是授权?
2(我从自己的域传入自己的凭据,我怀疑情况是否如此,因为我从远程运行客户端,并且我还尝试手动输入凭据信息(模拟(。
3(地方政策中的一些设置。我已经将"从网络访问此计算机"设置为经过身份验证的用户。
4( HTTP WCF 激活可能已关闭,但这无关紧要,因为这是一个 netTcp 绑定并且已打开。
任何人都有根据的猜测,实际上问题可能是什么。可悲的是,WCF 绑定配置不是我的强项,所以我可能会犯一些非常基本的错误,所以假设最坏的情况。
编辑
下面是一些堆栈跟踪。似乎没有帮助
10/14/2013 12:26:44
ErrorHandler
System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
--- End of inner exception stack trace ---
at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
at System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorBase.AcceptUpgrade(Stream stream)
at System.ServiceModel.Channels.InitialServerConnectionReader.UpgradeConnection(IConnection connection, StreamUpgradeAcceptor upgradeAcceptor, IDefaultCommunicationTimeouts defaultTimeouts)
at System.ServiceModel.Channels.ServerSessionPreambleConnectionReader.ServerFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()
10/14/2013 12:26:44
ErrorHandler-Message
The server has rejected the client credentials.
10/14/2013 12:26:44
ErrorHandler-InnerException
System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
--- End of inner exception stack trace ---
at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.NegotiateStream.AuthenticateAsServer(NetworkCredential credential, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel requiredImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
溶液
由于某种原因,我无法解释在同一台计算机上运行客户端,因为 WCF 服务弄乱了它。如果从其他地方运行,它工作正常。
我通常会检查3件事:
-
如果 IIS 安装了身份验证模式。 在这种情况下,请检查 Windows 功能并检查是否安装了 Windows 身份验证。 检查 IIS 设置。然后在 IIS 身份验证窗口中为服务启用此身份验证模式。
-
NTFS 权限。IIS 检查客户端凭据在您访问的文件夹/文件上是否有效。这是IIS的最后防御。
-
客户端的凭据。 在您的案例中看起来不错
跟踪上没有任何东西的事实可能是因为它在传递给服务之前被 IIS 拒绝。
尝试使用WCF配置工具,该工具的宽度为VS 2012。避免许多错误。
希望对您有所帮助。