客戶端和WCF服務之間的身份驗證失敗

Question

這是一個已經在SO上討論過幾次的問題，但我找不到適合我的問題的解決方案。我有一個WCF服務託管在外部服務器（其他域），我試圖從命令行應用程序使用它。我收到以下錯誤：

The request for security token could not be satisfied because authentication failed. 

服務配置web.config文件中：

<system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="wsHttpBinding_IRun"> 
      <security mode="None"> 
      <message clientCredentialType="None" /> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <serviceHostingEnvironment> 
     <baseAddressPrefixFilters> 
     <add prefix="http://www.domain.net"/> 
     </baseAddressPrefixFilters> 
    </serviceHostingEnvironment> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="calculadora.SOA.RunBehavior"> 
      <serviceMetadata httpGetEnabled="true"/> 
      <serviceDebug includeExceptionDetailInFaults="true"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <services> 
     <service behaviorConfiguration="calculadora.SOA.RunBehavior" name="calculadora.SOA.Run"> 
     <endpoint address="http://www.domain.net/calculadora/SOA/run.svc" binding="wsHttpBinding" contract="calculadora.SOA.IRun"> 
      <identity> 
      <dns value="domain.net"/> 
      </identity> 
     </endpoint> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> 
     </service> 
    </services> 
</system.serviceModel> 

在客戶端，我創建了一個自定義綁定連接到服務。這裏是安全配置：

standardBinding.Security.Mode = SecurityMode.None; 
standardBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; 
standardBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None; 
standardBinding.Security.Transport.Realm = ""; 
standardBinding.Security.Message.ClientCredentialType = MessageCredentialType.None; 
standardBinding.Security.Message.NegotiateServiceCredential = false; 
standardBinding.Security.Message.EstablishSecurityContext = false; 
standardBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default; 

我沒有使用任何認證安全機制，但仍然，服務似乎在期待一個

。在不同領域工作時，是否必須使用基本認證？

編輯：我沒有在我的端點引用任何綁定配置。一旦基準設置，我收到另一個消息錯誤：

{"The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the 
receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract 
mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the 
receiver. Check that sender and receiver have the same contract and the same binding (including security 
requirements, e.g. Message, Transport, None)."} 

問題是我客戶的結合造成的。當我使用標準的'WSHttpBinding'創建自定義綁定時，'SecurityMode'屬性被設置爲'消息'而不是'None'。現在代碼如下所示，服務終於起作用：

WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.None, false); 
CustomBinding myCustomBinding = new CustomBinding(standardBinding); 

非常感謝marc_s！

Answer 1

我認爲這個問題是您的服務端點定義：

<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" 
      binding="wsHttpBinding" contract="calculadora.SOA.IRun"> 

您使用的是標準的wsHttpBinding - 默認爲集成的Windows安全性信息的安全性。

當你定義一個綁定配置（稱爲wsHttpBinding_IRun），你不引用它在你的端點定義 - 這樣就不會發揮作用。您需要將服務端點定義一個bindingConfiguration屬性擴展，像這樣：

<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" 
      binding="wsHttpBinding" 
      bindingConfiguration="wsHttpBinding_IRun" 
      contract="calculadora.SOA.IRun"> 

，以實際使用您定義的綁定配置（包括安全設置）。

Answer 2

我遇到了同樣的問題，經過一整天的投入，最後我找出如何解決。關鍵是將establishSecurityContext =「false」放入消息標記中。

<security mode="TransportWithMessageCredential"> 
     <transport clientCredentialType="None" /> 
     <message clientCredentialType="UserName" establishSecurityContext="false" /> 
     </security>