WCF - 更改端点地址会导致安全异常 [英] WCF - changing endpoint address results in securityexception

问题描述

我的 WCF 服务使用 wsHttpBinding 并在客户端使用默认选项生成服务时从客户端正常工作，如下所示:

My WCF Service uses wsHttpBinding and works fine from the client when the service is gerenated by the client using the default options as follows:

RServiceClient R = new RServiceClient();

但是，在某些时候，我需要能够指定服务的位置，大概是通过如下更改端点地址:

However, at some point I'll need to be able to specify the location of the service, presumably by changing the endpoint address as follows:

RServiceClient R = new RServiceClient();
R.Endpoint.Address = new EndpointAddress(new Uri "http://xxx.xxxx.xxx:80/RServer/RService.svc"));

然而，当我指定确切的端点时，我得到一个 SecurityNegotiationException:System.ServiceModel.Security.SecurityNegotiationException 未处理Message="调用者未通过服务进行身份验证."Source="mscorlib"....

However, when I do specify the exact endpoint, I get a SecurityNegotiationException: System.ServiceModel.Security.SecurityNegotiationException was unhandled Message="The caller was not authenticated by the service." Source="mscorlib"....

WCF 服务在 IIS 上运行，并在 IIS 管理员下启用匿名访问.此外，当客户端与管理员帐户下的服务在同一台机器上运行时，会发生此错误 - 我还没有达到在网络上运行它的可怕部分！

The WCF service runs on IIS and has anonymous access enabled under IIS admin. Also, this error occurs when the client is run from the same machine as the service under an admin account - I havn't got to the scary part of running it over the net yet!

有什么想法吗?

推荐答案

默认情况下，wsHttpBinding 使用 Windows 身份验证.我不确定 IIS 中的托管如何影响这种情况.

By default, wsHttpBinding uses Windows authentication. I'm not sure how hosting in IIS affects that scenario.

如果不想开启安全，可以添加安全元素，在两端的config中设置mode元素为None"，关闭默认设置.

If you don't want security turned on, you can add an element for security and set the mode element to "None" to the config on both ends to turn off the default setting.

我认为这可能会奏效——我已经添加了 wsHttpBinding 部分，并将您的服务的 bindingConfiguration 设置为指向新添加的绑定属性:

I think this may do the trick -- I've added the section for wsHttpBinding and set the bindingConfiguration of your service to point to the newly added binding properties:

<system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBind">
          <security mode="None">
            <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="None" algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
        <service behaviorConfiguration="ServiceBehavior" 
            name="RService">
            <endpoint address="" 
                binding="wsHttpBinding" 
                bindingConfiguration="wsHttpBind" 
                name="RService" 
                contract="IRService"> 
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
            <endpoint address="mex" 
                binding="mexHttpBinding" 
                name="MetadataExchange" 
                contract="IMetadataExchange" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
            <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

这篇关于WCF - 更改端点地址会导致安全异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！