我有以下配置与WCF的net.tcp绑定服务(托管在IIS 7)根据
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="CommonWindowsBinding" maxReceivedMessageSize="40000000">
<security mode="TransportWithMessageCredential" >
<transport clientCredentialType="None"/>
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="CommonBehavior" name="Megatec.MasterTourService.AdminService">
<endpoint address="Windows" binding="netTcpBinding" bindingConfiguration="CommonWindowsBinding" name="Megatec.MasterTourService.Contracts.IAdminServiceWindows" contract="Megatec.MasterTourService.Contracts.IAdminService">
<identity>
<dns value="WCFServer" />
</identity>
</endpoint>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CommonBehavior">
<dataContractSerializer maxItemsInObjectGraph="10000000" />
<serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization impersonateCallerForAllOperations="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
<serviceCertificate findValue="WCFServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Megatec.MasterTourService.Security.CustomUserNameValidator, Megatec.MasterTourService.Security" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
代码
public class AdminService : BaseAuthService, IAdminService
{
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public bool HasRole(string roleName)
{
//work with database
}
}
WCF服务的域用户(应用程序池)不起作用
我在IIS 7上托管此服务,为应用程序池I设置域用户(Master \ MyLogin)。我需要域用户进行授权(根据step 4)。
当我从本地客户端(同一台计算机,在Master \ MyLogin或某个其他域用户下)使用服务时,它工作正常。但是,当我试图从其他网络计算机使用服务时,它失败了。一切工作正常与ApplicationPoolIdentity。
Master \ MyLogin是具有服务的计算机上的管理员(但他不是域管理员)。
也许,有权限,应授予Master \ MyLogin?
更新。客户端异常。
起初,有SecurityNegotiationException。接下来,我添加了部分
<identity>
<userPrincipalName value="[email protected]" />
</identity>
新的异常是MessageSecurityException。
The identity check failed for the outgoing message. The expected identity is "identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)" for the 'net.tcp://dev4-10:5012/IISTest/AdminService.svc/Windows' target endpoint.
我应该如何配置<identity>
客户端和服务?
_“it failed。”_ - 怎么了? – CodeCaster
你用正确的凭证连接吗? –
我添加了客户端异常。所有客户用户都是域用户。 –