安全支持提供程序接口(SSPI)协商失败. [英] The Security Support Provider Interface (SSPI) negotiation failed.
问题描述
我们在一个应用程序中运行了wcf AD服务,该服务在IIS应用程序池中具有一个凭据(域\用户1).当我们尝试将用户凭据更改为(domain \ user2)时,该服务将引发安全支持提供者接口(SSPI)协商失败.
we've wcf AD service running at one server with one credential(domain\user1) in IIS App pool. when we tried to change the user credentials to (domain\user2) ,the service throws The Security Support Provider Interface (SSPI) negotiation failed.
但是相同的凭据(domain \ user2)在其他服务器上也可以工作.有人可以帮助您了解是否将用户凭据设置添加到服务器的任何位置.
but the same credential (domain\user2) works in other server.can someone help to know if the user credentials setting to be added anywhere in the server.
下面是错误跟踪
与'http://localhost/ADService.svc'的目标'http://localhost/ADService.svc'的SOAP安全协商失败.有关更多详细信息,请参见内部异常. ---> System.ComponentModel.Win32Exception:安全支持提供程序接口(SSPI)协商
失败了.
at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte [] incomingBlob,ChannelBinding channelbinding,ExtendedProtectionPolicy protectionPolicy)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(消息传入消息,SspiNegotiationTokenProviderState sspiState)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(消息入站消息,T谈判状态)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
---内部异常堆栈跟踪的结尾---
服务器堆栈跟踪:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation操作,EndpointAddress目标,Uri通过,SecurityToken currentToken,TimeSpan超时)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
SOAP security negotiation with 'http://localhost/ADService.svc' for target 'http://localhost/ADService.svc' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: The Security Support Provider Interface (SSPI) negotiation
failed.
at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(Message incomingMessage, T negotiationState)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
推荐答案
您能帮忙清除以下几点吗?
Could you help to clear below points?
- "IIS应用程序池中的一个凭据(域\用户1)"是什么意思?您是说要配置在IIS中的domain \ user1帐户下运行的WCF服务?
- 相同的凭据(domain \ user2)在其他服务器上工作"是什么意思?您是创建新服务还是使用domain \ user2配置WCF客户端?
- 您能与我们分享您的WCF服务web.config和客户端app.config吗?
- What do you mean by "one credential(domain\user1) in IIS App pool" ? Do you mean you configure WCF Service running under domain\user1 account in IIS?
- What do you mean by "the same credential (domain\user2) works in other server"? Do you create new service or you configure WCF Client with domain\user2?
- Could you share us your WCF Service web.config and client app.config?
对于错误消息,建议您尝试从客户端app.config中删除身份,如下所示:
Per to error message, I suggest you try to remove identity from client app.config, something like below:
<identity>
<userPrincipalName value="MYDOMAIN\MyUsername" />
</identity>
这篇关于安全支持提供程序接口(SSPI)协商失败.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
