WCF安全问题 [英] WCF security problem

问题描述

我有一个应用程序访问一个WCF服务，托管在一个控制台应用程序的服务器上。我没有问题，在那里，这是当我尝试从控制台应用程序的还以为我有问题，另一台服务器上访问其他服务。

I have an app that accesses a WCF service on a server which is hosted in a console app. I don't have a problem there, it's when I try access another service from the console app that's on yet another server that i have the problem.

我使用的是TCP连接，我使用所有的默认安全值。

I'm using TCP to connect and i'm using all the default security values.

所以我从A-> B去，然后将其从模具B->下用下去。需要注意的是，当我刚刚从A-去>ç一切都很好

So i'm going from A->B and then it dies going from B->C with. Note that when i just go from A->C everything is fine

错误： 调用SSPI失败......目标主要名称不正确......堆栈跟踪......

The error: "a call to SSPI failed" ... "the target principal name is incorrect" ... stack trace ...

在B计算打印出
Console.WriteLine（ServiceSecurityContext.Current.PrimaryIdentity.Name）; Console.WriteLine（ServiceSecurityContext.Current.WindowsIdentity.Name）;
我可以看到，这是我的Windows登录这是很好

In B when i print out
Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name); Console.WriteLine("ServiceSecurityContext.Current.WindowsIdentity.Name);
i can see that it's my windows login which is fine

这样看来，它不会对我的凭据传递时，它从B-> C

So it seems that it doesn't pass on my credentials when it goes from B->C

任何想法？

推荐答案

SSPI表明您使用的是Windows身份验证。

SSPI indicates you're using windows authentication.

你有没有在您的域中创建了服务C安全主体名称？谷歌SETSPN命令。问题是，窗口将不会从域传递凭证不受信任的系统。您可以通过在域中，然后让令牌传递提供安全主体名称信任它。

Have you created a secure principal name for service C in your domain? google the setspn command. The issue is that windows will not pass a credential from the domain to an untrusted system. You trust it by providing the secure principal name in the domain which then allows the token to be passed.

安全主体名称SPN创作教程

这篇关于WCF安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！