1. 首頁
  2. 問答
  3. 如何使WCF服務服務器 - 客戶端時間差異獨立?

如何使WCF服務服務器 - 客戶端時間差異獨立?

2013-08-23 65 views
5

雖然從測試客戶端訪問WCF服務,我得到以下異常:如何使WCF服務服務器 - 客戶端時間差異獨立?

System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message. 
    --- End of inner exception stack trace ---

我搜索互聯網上這個問題的根本原因。我發現這主要是由於客戶端 - 服務器時間差異造成的。但我無法找到正確的解決方案。以下是我的服務器端配置:

<system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="RequestUserName"> 
      <security mode="Message"> 
       <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /> 

      </security> 
     </binding> 
     </wsHttpBinding> 

    </bindings> 
    <services> 
     <service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior"> 
     <!-- Service Endpoints --> 
     <endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding" contract="WCFService.IService1" bindingName="RequestUserName"> 


     </endpoint> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 

     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="WCFService.Service1Behavior"> 
      <!-- To avoid disclosing metadata information, set the value below to false before deployment --> 
      <serviceMetadata httpGetEnabled="false" /> 

      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 

     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment> 
     <baseAddressPrefixFilters> 
     <add prefix="http://subdomain.domain.com/"/> 
     </baseAddressPrefixFilters> 
    </serviceHostingEnvironment>

和客戶端配置:

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
    <system.serviceModel> 
     <bindings> 
      <wsHttpBinding> 
       <binding name="RequestUserName_IService1" /> 
      </wsHttpBinding> 
     </bindings> 
     <client> 
      <endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding" 
       bindingConfiguration="RequestUserName_IService1" contract="ServiceReference1.IService1" 
       name="RequestUserName_IService1"> 
       <identity> 
        <userPrincipalName value="DOMAIN\subdomaincom_web" /> 
       </identity> 
      </endpoint> 
     </client> 
    </system.serviceModel> 
</configuration>

請人幫我找到解決這個問題。

UPDATE:當我跟蹤的異常,內部異常是顯示這個The security timestamp is stale because its expiration time ('2013-08-21T11:17:39.482Z') is in the past. Current time is '2013-08-21T12:31:31.897Z' and allowed clock skew is '00:05:00'.

我的服務器使用UTC格式和我的客戶是一個通用的應用程序,可以從任何國家進行下載。

更新2:答案後配置:

<system.serviceModel> 
    <bindings> 
     <customBinding> 
     <binding name="Wrabind"> 
      <transactionFlow /> 
      <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> 
      <localClientSettings maxClockSkew="00:07:00" /> 
      <localServiceSettings maxClockSkew="00:07:00" /> 
      <secureConversationBootstrap messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" /> 
       <localClientSettings maxClockSkew="00:30:00" /> 
       <localServiceSettings maxClockSkew="00:30:00" /> 
      </security> 
      <textMessageEncoding /> 
      <httpTransport /> 
     </binding> 
     </customBinding> 
    </bindings> 
    <!-- change --> 
    <services> 
     <service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior"> 
     <!-- Service Endpoints --> 
     <endpoint address="http://subdomain.domain.com/service1.svc" binding="customBinding" contract="WCFService.IService1" bindingName="Wrabind"> 
      <!-- 
       Upon deployment, the following identity element should be removed or replaced to reflect the 
       identity under which the deployed service runs. If removed, WCF will infer an appropriate identity 
       automatically. 
      --> 

     </endpoint> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 

     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="WCFService.Service1Behavior"> 
      <!-- To avoid disclosing metadata information, set the value below to false before deployment --> 
      <serviceMetadata httpGetEnabled="false" /> 
      <!-- change --> 
      <!--<serviceCredentials> 
      <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFService.Authentication.DistributorValidator, WrangleCoreService"/> 
      <serviceCertificate findValue="WCFService" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/> 
      </serviceCredentials>--> 
      <!-- change --> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 

     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment> 
     <baseAddressPrefixFilters> 
     <add prefix="http://subdomain.domain.com/"/> 
     </baseAddressPrefixFilters> 
    </serviceHostingEnvironment> 
    <!--<standardEndpoints> 
     <webHttpEndpoint> 
     <standardEndpoint name="" helpEnabled="true" 
      automaticFormatSelectionEnabled="true"/> 
     </webHttpEndpoint> 
    </standardEndpoints>--> 

    </system.serviceModel>

來源

2013-08-23 Aishwarya Shiva

+0

http://stackoverflow.com/questions/1484601/wcfan-unsecured-or-incorrectly-fault-錯誤可能有幫助。 – Neha

+0

@Neha我檢查了上面的鏈接。但是我的客戶可以使用不同的時區,因爲它是可以從任何國家下載的通用應用程序。請看看我的問題更新。 –

+1

正如谷歌說...嘗試改變maxClockSkew ... http://forums.asp.net/t/1834072.aspx/1 – Neha

回答

3

可以有多個原因造成的錯誤,常見的是與服務器不認證客戶端variosu原因(也許不是在同一個域) 。要確定確切原因turn on wcf trace並查看它顯示爲紅色的錯誤。你正在尋找的是在跟蹤界面中稍微隱藏的inenr異常,它位於樹中間的右側。

下面是如何設定時鐘偏差:

<security authenticationMode="..."> 
      <localClientSettings maxClockSkew="00:07:00" /> 
      <localServiceSettings maxClockSkew="00:07:00" /> 
      <secureConversationBootstrap> 
       <localClientSettings maxClockSkew="00:30:00" /> 
       <localServiceSettings maxClockSkew="00:30:00" /> 
      </secureConversationBootstrap> 
</security>

注歪斜只能在自定義綁定來定義。由於您使用WSHttpBinding,因此您需要將其轉換爲可通過WCF binding converter在線完成的自定義綁定。

來源

2013-08-23 10:57:05

+0

這是我從內部異常:''安全時間戳已過期,因爲其過期時間('2013-08-21T11:17:39.482Z')已過期。當前時間爲'2013-08-21T12:31:31.897Z',允許時鐘偏差爲'00:05:00'。

+0

檢查兩臺機器中的時鐘是否準確(最多5分鐘不同)包括夏令時設置。只是爲了測試它們在小時,日光和時區方面的同步,並看看是否有幫助。 –

+0

我改變了客戶端時間,它工作。但正如我在我的問題更新,我的客戶端是一個可下載的應用程序,我的服務器使用UTC說(我不能改變服務器的時間,其被其他類型的客戶端)。所以我的客戶可以使用任何時區。此錯誤將重新出現在與服務器有更多時區差異的客戶端中。那麼是否有任何通用解決方案?這樣我的客戶端應用程序可以在世界的任何地方使用? –

0

我有同樣的問題,並遵循所有建議。但是我的錯在於我只改變了服務器配置,而我不得不改變客戶端配置。

這是我的配置沒有maxClockSkew

<?xml version="1.0" encoding="utf-8"?> 
<configuration> 
    <configSections> 
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> 
    </configSections> 
    <entityFramework> 
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" /> 
    <providers> 
     <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> 
    </providers> 
    </entityFramework> 
    <connectionStrings> 
    <!-- --> 
    </connectionStrings> 
    <system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="WSHttpBinding_IHotLine1" closeTimeout="00:10:00" 
      openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" 
      maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"> 
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" 
      maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> 
      <security> 
      <message clientCredentialType="UserName" /> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <client> 
     <endpoint address="localhost:6767/blabla.svc" binding="wsHttpBinding" 
     bindingConfiguration="WSHttpBinding_IHotLine1" contract="ServiceReference2.IHotLine" 
     name="WSHttpBinding_IHotLine1"> 
     <identity> 
      <certificate encodedValue="====encodedvalue===" /> 
     </identity> 
     </endpoint> 
    </client> 
    </system.serviceModel> 
</configuration>

而且隨着時鐘更新歪斜

<?xml version="1.0" encoding="utf-8"?> 
<configuration> 
    <configSections> 
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> 
    </configSections> 
    <entityFramework> 
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" /> 
    <providers> 
     <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> 
    </providers> 
    </entityFramework> 
    <system.serviceModel> 
    <bindings> 
     <customBinding> 
     <binding name="WSHttpBinding_IHotLine1"> 
      <transactionFlow/> 
      <security authenticationMode="SecureConversation" 
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> 
      <localClientSettings maxClockSkew="01:30:00" /> 
      <localServiceSettings maxClockSkew="01:30:00" /> 
      <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" 
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" > 
       <localClientSettings maxClockSkew="01:30:00" /> 
       <localServiceSettings maxClockSkew="01:30:00" /> 
      </secureConversationBootstrap> 
      </security> 
      <textMessageEncoding/> 
      <httpTransport maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" /> 
     </binding> 
     </customBinding> 
    </bindings> 
    <client> 

     <endpoint address="http://localhost:6767/blabla.svc" binding="customBinding" 
     bindingConfiguration="WSHttpBinding_IHotLine1" contract="ServiceReference2.IHotLine" 
     name="WSHttpBinding_IHotLine1"> 
     <identity> 
      <certificate encodedValue="====encodedvalue===" /> 
     </identity> 
     </endpoint> 
    </client> 
    </system.serviceModel> 
</configuration>

來源

2015-08-26 13:27:12

相關問題

 相關問題