当使用者尝试调用虚拟机上托管的WCF服务调用时，WCF的访问被拒绝 [英] WCF gets Access denied when the consumer try invoke a WCF service calls hosted on Virtual Machine

问题描述

问题

System.ServiceModel.Security.SecurityAccessDeniedException : Access is denied.

相关堆栈行(减少)

Server stack trace: 
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

环境
开发人员计算机(主机):Windows Vista，Visual Studio 2008，nUnit
测试机(来宾):Windows 2003，IIS，Windows 2003防火墙(已禁用)
虚拟机:Virtual PC
网络:Microsoft回送适配器

Environment
Developer Machine (host): Windows Vista, Visual Studio 2008, nUnit
Test Machine (guest): Windows 2003, IIS, Windows 2003 Firewall (disabled)
Virtual Machine: Virtual PC
Network: Microsoft Loopback Adapter

说明
Windows 2003承载WCF服务清单，其中的服务都经过了良好的测试.
当应用程序使用者在Windows 2003中运行时-一切正常.
当应用程序使用者从Windows Vista(在此虚拟网络下)运行时，会出现安全问题.因此，需要调整服务质量并包括证书.已遵循文档，但访问仍被拒绝.

Description
The Windows 2003 hosts a WCF service inventory, services within are well tested.
When an application consumer runs inside windows 2003 - everything works fine.
When an application consumer runs from Windows Vista (under this virtual network) - security problems appears. So it was needed to adjust de service and include a certificate. Documentation was followed but the access still denied.

目的
无需复杂的安全措施-只需一台笔记本电脑和虚拟机即可. 我试图复制这种官方方案: http://msdn.microsoft.com/zh-CN/library/ms733938.aspx
我想使用单元测试应用程序(nunit)从Windows Vista OS下的应用程序调用Windows 2003上托管的服务.在Windows 2003上部署的服务是经过良好测试的.

Purpose
No sophisticated security arrangements is needed - its simply a laptop and virtual machine. I tried to replicate this official scenario: http://msdn.microsoft.com/en-us/library/ms733938.aspx
I want make calls to services hosted on windows 2003 from my application under Windows Vista OS using the Unit Test application (nunit). The deployed services on windows 2003 is a well tested ones.

工作原理
任何使用(或过去的.asmx webservices)服务均可正常运行.

WHAT WORKS
Any service using (or past .asmx webservices) works properly.

怀疑
我相信它必须与该死的Windows Vista一起使用. Windows 2003事件日志具有成功的审核条目.

Suspicion
I believe it has to be with this dammed Windows Vista. The Windows 2003 event log has successful auditing entries.

服务设置

在Windows Vista上运行的使用者-nunit应用程序:

The consumer - nunit application running on Windows Vista:

<system.serviceModel>
<client>
  <endpoint address="http://soa.homolog.com/RemoteService/RemoteService.svc"
      binding="wsHttpBinding"
      behaviorConfiguration="InternetEndpointBehavior" 
      bindingConfiguration="AnonymousBindingConfiguration"
      contract="RemoteService.IRemoteService" 
      name="WSHttpBinding_IEmpresaService">
    <identity>
      <dns value="homologCertificate"  />
    </identity>
  </endpoint>
</client>
<bindings>
  <wsHttpBinding>
    <binding name="AnonymousBindingConfiguration">
      <security mode="Message">
        <message clientCredentialType="None" />            
      </security>
    </binding>
 </bindings>
 <behaviors>
 <endpointBehaviors>
    <behavior name="InternetEndpointBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
 </behaviors>
</system.serviceModel>

该服务托管在IIS/Windows 2003上:

The service, hosted on IIS/Windows 2003:

<system.serviceModel>
<serviceHostingEnvironment>
  <baseAddressPrefixFilters>
    <add prefix="http://soa.homolog.com" />
  </baseAddressPrefixFilters>
</serviceHostingEnvironment>
<bindings>

  <wsHttpBinding>
    <binding name="BindingNoSecurity">          
      <security mode="Message">
        <message clientCredentialType="None"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="CompanyCoreBehavior">

      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug 
              includeExceptionDetailInFaults="true" />
      <serviceThrottling 
              maxConcurrentCalls="500" 
              maxConcurrentInstances="500" 
              maxConcurrentSessions="500" />
      <serviceTimeouts 
              transactionTimeout="00:10:00" />

      <serviceCredentials>
        <serviceCertificate
                    findValue="homologCertificate"
                    storeLocation="LocalMachine"
                    x509FindType="FindBySubjectName"
                    storeName="My"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

推荐答案

由在服务器上启用WCF跟踪.跟踪日志可能包含有意义的错误消息.启用消息日志记录，然后查看是否有明显的区别.接受和不接受.虽然，老实说，我不知道您的情况如何发生.

Start by enabling WCF tracing on the server. The trace log may contain a meaningful error message. Enable message logging and see if there any obvious differences between the messages that are accepted and those that are not. Although, honestly, I don't see how this can happen in your case.

这篇关于当使用者尝试调用虚拟机上托管的WCF服务调用时，WCF的访问被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！