WCF transport security: socket connection was aborted

Problem description

I have a problem in getting transport security to work.

I have 2 services (A & B) running on the same server. Service A will call service B to perform some task. Without any security, I can communicate just fine. But when I turn on transport security with the following settings:

  • Security mode = Transport
  • TransportClientCredentialType = Windows
  • ProtectionLevel = EncryptAndSign

I got an error when service A calls service B:

System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:09.7810000'. ---> System.IO.IOException: The read operation failed, see inner exception. ---> System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:09.7810000'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

I tried changing the receive and send timeout to 5 mins but I still get the same error with roughly the same timeout duration. The only difference is I need to wait out the 5 minutes instead of 1 minute.

Can anyone provide insight into what the cause is and how to resolve this?

Attached are the configuration files for both services:

Service A

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.5" debug="true" defaultLanguage="c#" />
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <remove scheme="net.tcp" />
      <add scheme="net.tcp" binding="netTcpBinding" bindingConfiguration="ReliableTCP" />
    </protocolMapping>
    <client/>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mexTag">
          <serviceMetadata httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="tryBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="mexTcp">
          <tcpTransport portSharingEnabled="true" />
        </binding>
      </customBinding>
      <netTcpBinding>
        <binding name="ReliableTCP" portSharingEnabled="true" sendTimeout="00:05:00" receiveTimeout="00:05:00" 
                 maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="mexTag" name="Test.Service.ServiceAImpl">
        <endpoint address="net.tcp://app-svr:10010/ServiceA/ServiceAImpl/" behaviorConfiguration="tryBehavior"
          binding="netTcpBinding" bindingConfiguration="ReliableTCP" contract="Test.Service.IServiceA" />
        <endpoint address="net.tcp://app-svr:10012/ServiceA/ServiceAImpl/mex"
          binding="customBinding" bindingConfiguration="mexTcp" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

Service B

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.5" debug="true" defaultLanguage="c#" />
  </system.web>
  <system.serviceModel>
    <client>
      <endpoint address="net.tcp://app-svr:10010/ServiceA/ServiceAImpl/"
        binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IServiceA"
        behaviorConfiguration="tryBehavior"
        contract="ServiceAReference.IServiceA" name="NetTcpBinding_IServiceA" />
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MEXGET" >
          <!-- Add the following element to your service behavior configuration. -->
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="tryBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="MexTcp">
          <tcpTransport portSharingEnabled="true" />
        </binding>
      </customBinding>
      <netTcpBinding>
        <binding name="ReliableTCP" portSharingEnabled="true">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
        <binding name="NetTcpBinding_IServiceA" receiveTimeout="00:05:00" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
      <mexTcpBinding>
        <binding name="MexTcp" />
      </mexTcpBinding>
    </bindings>
    <services>
      <service name="Test.Service.ServiceBImpl" behaviorConfiguration="MEXGET" >

        <endpoint address="mex"
                  binding="customBinding"
                  bindingConfiguration="MexTcp"
                  contract="IMetadataExchange" />

        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
        <endpoint
             address="net.tcp://app-svr:10010/ServiceB/ServiceBImpl"
             binding="netTcpBinding" behaviorConfiguration="tryBehavior"
             bindingConfiguration="ReliableTCP"
             contract="Test.Service.ServiceB" />

        <host>
            <baseAddresses>
              <add baseAddress="http://app-svr:10011/ServiceB/ServiceBImpl" />
              <add baseAddress="net.tcp://app-svr:10010/ServiceB/ServiceBImpl" />
            </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

Recommended answer

I've created an extension method for this. One for NetTcpBinding and one for NetNamedPipeBinding. Only to be used on internal services of course. Timings too, as when a default service is not used during the night it will fail on the first call in the morning.

    using System;
    using System.ServiceModel;

    // Extension methods must be declared in a static class; the class name is a placeholder.
    public static class BindingExtensions
    {
        // Raises every timeout and size quota on a NetTcpBinding to very large values.
        public static void ActivateMaxValues(this NetTcpBinding b)
        {
            b.OpenTimeout = TimeSpan.FromHours(10);
            b.CloseTimeout = TimeSpan.FromMinutes(10);
            b.ReceiveTimeout = TimeSpan.FromHours(10);
            b.SendTimeout = TimeSpan.FromHours(10);

            b.MaxBufferSize = int.MaxValue;
            b.MaxReceivedMessageSize = int.MaxValue;

            b.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
            {
                MaxArrayLength = int.MaxValue,
                MaxBytesPerRead = int.MaxValue,
                MaxDepth = int.MaxValue,
                MaxNameTableCharCount = int.MaxValue,
                MaxStringContentLength = int.MaxValue
            };
        }

        // Same idea for NetNamedPipeBinding, with transaction flow enabled.
        public static void ActivateMaxValues(this NetNamedPipeBinding b)
        {
            b.TransactionFlow = true;

            b.OpenTimeout = TimeSpan.FromHours(1);
            b.CloseTimeout = TimeSpan.FromMinutes(10);
            b.ReceiveTimeout = TimeSpan.FromHours(1);
            b.SendTimeout = TimeSpan.FromHours(1);

            b.MaxBufferSize = int.MaxValue;
            b.MaxReceivedMessageSize = int.MaxValue;

            b.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
            {
                MaxArrayLength = int.MaxValue,
                MaxBytesPerRead = int.MaxValue,
                MaxDepth = int.MaxValue,
                MaxNameTableCharCount = int.MaxValue,
                MaxStringContentLength = int.MaxValue
            };
        }
    }
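
A bounded counterpart to the extension methods above, added here as an example and not part of the original answer: it keeps the question's transport security settings and lengthens the idle timeout for the overnight case, while capping message size and reader quotas at finite values. The names `BoundedBindingExtensions` and `ApplyBoundedLimits` and every numeric limit are assumptions to be sized per service contract.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.Xml;

// Added example: class/method names and all numeric limits are assumptions.
public static class BoundedBindingExtensions
{
    public static void ApplyBoundedLimits(this NetTcpBinding b, int maxMessageBytes, TimeSpan idleTimeout)
    {
        // Same transport security as the question's configuration.
        b.Security.Mode = SecurityMode.Transport;
        b.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        b.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        // Open/close/send stay short so a failed handshake or dead peer surfaces quickly.
        b.OpenTimeout = TimeSpan.FromSeconds(30);
        b.CloseTimeout = TimeSpan.FromSeconds(30);
        b.SendTimeout = TimeSpan.FromMinutes(1);

        // An idle channel is dropped when either of these two timers expires,
        // so both are raised together when a reliable session is in use.
        b.ReceiveTimeout = idleTimeout;
        if (b.ReliableSession.Enabled)
            b.ReliableSession.InactivityTimeout = idleTimeout;

        // In buffered transfer mode (the default) these two values must be equal.
        b.MaxReceivedMessageSize = maxMessageBytes;
        b.MaxBufferSize = maxMessageBytes;
        b.ReaderQuotas = new XmlDictionaryReaderQuotas
        {
            MaxDepth = 64,
            MaxArrayLength = maxMessageBytes,
            MaxStringContentLength = maxMessageBytes,
            MaxBytesPerRead = 64 * 1024,
            MaxNameTableCharCount = 64 * 1024
        };
    }
}

public static class Program
{
    public static void Main()
    {
        var binding = new NetTcpBinding { PortSharingEnabled = true };
        binding.ReliableSession.Enabled = true;
        binding.ApplyBoundedLimits(4 * 1024 * 1024, TimeSpan.FromHours(12));
        Console.WriteLine($"{binding.MaxReceivedMessageSize} bytes, idle {binding.ReceiveTimeout}");
    }
}
```

The same binding settings have to be applied on both the client and the service side, since each end enforces its own quotas and timeouts.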
