I have a WCF service with a net.tcp binding (hosted in IIS 7) with the following configuration:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="CommonWindowsBinding" maxReceivedMessageSize="40000000">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" />
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <services>
      <service behaviorConfiguration="CommonBehavior" name="Megatec.MasterTourService.AdminService">
        <endpoint address="Windows" binding="netTcpBinding" bindingConfiguration="CommonWindowsBinding" name="Megatec.MasterTourService.Contracts.IAdminServiceWindows" contract="Megatec.MasterTourService.Contracts.IAdminService">
          <identity>
            <dns value="WCFServer" />
          </identity>
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CommonBehavior">
          <dataContractSerializer maxItemsInObjectGraph="10000000" />
          <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization impersonateCallerForAllOperations="true" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="WCFServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Megatec.MasterTourService.Security.CustomUserNameValidator, Megatec.MasterTourService.Security" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
Code:
using System;
using System.ServiceModel;

public class AdminService : BaseAuthService, IAdminService
{
    // The service impersonates the caller for this operation, which is why
    // a Windows credential is required at the message layer.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public bool HasRole(string roleName)
    {
        // work with database (body elided in the original post)
        throw new NotImplementedException();
    }
}
WCF service under a domain user (application pool) does not work
I host this service in IIS 7 and set a domain user (Master\MyLogin) for the application pool. I need the domain user for authorization (according to step 4).
When I consume the service from a local client (same machine, under Master\MyLogin or some other domain user), it works fine. But when I try to consume the service from another computer on the network, it fails. Everything works fine with ApplicationPoolIdentity.
Master\MyLogin is an administrator on the machine hosting the service (but not a domain administrator).
Perhaps there are permissions that should be granted to Master\MyLogin?
Update. Client exception.
At first, there was a SecurityNegotiationException. Then I added the section
<identity>
<userPrincipalName value="[email protected]" />
</identity>
The new exception is MessageSecurityException.
The identity check failed for the outgoing message. The expected identity is "identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)" for the 'net.tcp://dev4-10:5012/IISTest/AdminService.svc/Windows' target endpoint.
How should I configure <identity> on the client and the service?
_"it failed."_ - What happened? – CodeCaster
Are you connecting with the correct credentials? –
I added the client exception. All client users are domain users. –
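As an added illustration, not code from the original post, this is how the client side of the same binding and the expected service identity can be expressed in code instead of config; the UPN-versus-SPN choice follows the account type the service runs under (a domain user account is identified by its UPN, a built-in machine account by the host SPN). The host name and port come from the exception text; the UPN value and the contract namespace are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using Megatec.MasterTourService.Contracts;   // IAdminService, as named in the question

public static class AdminClient
{
    // Endpoint from the exception text; the UPN is a placeholder for Master\MyLogin (assumption).
    const string ServiceUri = "net.tcp://dev4-10:5012/IISTest/AdminService.svc/Windows";
    const string AppPoolUpn = "MyLogin@master.example";   // placeholder value

    // Same settings as CommonWindowsBinding: TLS on the transport, Windows credential in the message.
    public static NetTcpBinding CreateBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential)
        {
            MaxReceivedMessageSize = 40000000
        };
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        return binding;
    }

    // The identity the client checks the service against follows the service account: a domain
    // user account (the question's case) by its UPN, a machine account such as
    // ApplicationPoolIdentity or NetworkService by the host SPN.
    public static EndpointIdentity ExpectedIdentity(bool serviceRunsAsDomainUser)
    {
        return serviceRunsAsDomainUser
            ? EndpointIdentity.CreateUpnIdentity(AppPoolUpn)
            : EndpointIdentity.CreateSpnIdentity("host/dev4-10");
    }

    public static bool HasRole(string roleName, bool serviceRunsAsDomainUser)
    {
        var address = new EndpointAddress(new Uri(ServiceUri), ExpectedIdentity(serviceRunsAsDomainUser));
        var factory = new ChannelFactory<IAdminService>(CreateBinding(), address);
        // HasRole is Impersonation = Required on the service, so the client must allow its
        // token to be used at Impersonation level (the default is Identification).
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        IAdminService channel = factory.CreateChannel();
        try
        {
            bool result = channel.HasRole(roleName);
            ((ICommunicationObject)channel).Close();
            return result;
        }
        catch
        {
            ((ICommunicationObject)channel).Abort();   // never Close() a faulted channel
            throw;
        }
    }
}
```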