WCF Windows身份验证安全性错误 [英] WCF windows authentication security error
问题描述
我有一些code试图冒充呼叫者Windows安全设置,然后连接到另一个WCF服务在不同的机器上。
i have some code that tries impersonate the callers windows security settings and then connect to another WCF service on a different machine
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
using (callerWindowsIdentity.Impersonate())
{
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
EndpointAddress endpoint = new EndpointAddress(new Uri("net.tcp://serverName:9990/TestService1"));
ChannelFactory<WCFTest.ConsoleHost.IService1> channel = new ChannelFactory<WCFTest.ConsoleHost.IService1>(binding, endpoint);
WCFTest.ConsoleHost.IService1 service = channel.CreateChannel();
return service.PrintMessage(msg);
}
但我得到的错误:
呼叫者不是由服务认证
System.ServiceModel ....安全令牌请求不能被满足,因为身份验证失败...
But I get the error: "the caller was not authenticated by the service" System.ServiceModel .... The request for security token could not be satisfied because authentication failed ...
我试图模仿是的Valide Windows凭据为箱体的服务上的凭据。
The credentials I am trying to impersonate are valide windows credential for the box the service is on.
任何想法,为什么?
推荐答案
为了支持你的情况下,你需要有怎样的协议转换和的约束委派工作。您将需要配置Active Directory和您的WCF服务端点(S),以支持这一点。注意使用服务主体名称(SPN)的。看看下面的链接,看看他们是否帮助你。该制品具有一个样本来演示,使这项工作所需要的完整的端至端的配置。
In order to support your scenario, you need to have an understanding of how Protocol Transition and Constrained Delegation work. You will need to configure both Active Directory and your WCF service endpoint(s) to support this. Note the use of the Service Principal Name (SPN). Take a look at the following link and see if they help you. The article has a sample to demonstrate the complete end-to-end configuration required to make this work.
<一个href=\"http://wcfsecurity.$c$cplex.com/Wiki/View.aspx?title=How%20To%20-%20Impersonate%20the%20Original%20Caller%20in%20WCF%20calling%20from%20Web%20Application\"相对=nofollow>如何:在模仿WCF原调用从Web应用程序调用
这篇关于WCF Windows身份验证安全性错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
