WCF安全问题 [英] WCF security problem
问题描述
我有一个应用程序访问一个WCF服务,托管在一个控制台应用程序的服务器上。我没有问题,在那里,这是当我尝试从控制台应用程序的还以为我有问题,另一台服务器上访问其他服务。
I have an app that accesses a WCF service on a server which is hosted in a console app. I don't have a problem there, it's when I try access another service from the console app that's on yet another server that i have the problem.
我使用的是TCP连接,我使用所有的默认安全值。
I'm using TCP to connect and i'm using all the default security values.
所以我从A-> B去,然后将其从模具B->下用下去。需要注意的是,当我刚刚从A-去>ç一切都很好
So i'm going from A->B and then it dies going from B->C with. Note that when i just go from A->C everything is fine
错误: 调用SSPI失败......目标主要名称不正确......堆栈跟踪......
The error: "a call to SSPI failed" ... "the target principal name is incorrect" ... stack trace ...
在B计算打印出
Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
Console.WriteLine(ServiceSecurityContext.Current.WindowsIdentity.Name);
我可以看到,这是我的Windows登录这是很好
In B when i print out
Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
Console.WriteLine("ServiceSecurityContext.Current.WindowsIdentity.Name);
i can see that it's my windows login which is fine
这样看来,它不会对我的凭据传递时,它从B-> C
So it seems that it doesn't pass on my credentials when it goes from B->C
任何想法?
推荐答案
SSPI表明您使用的是Windows身份验证。
SSPI indicates you're using windows authentication.
你有没有在您的域中创建了服务C安全主体名称?谷歌SETSPN命令。问题是,窗口将不会从域传递凭证不受信任的系统。您可以通过在域中,然后让令牌传递提供安全主体名称信任它。
Have you created a secure principal name for service C in your domain? google the setspn command. The issue is that windows will not pass a credential from the domain to an untrusted system. You trust it by providing the secure principal name in the domain which then allows the token to be passed.
这篇关于WCF安全问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!