错误消息：安全令牌请求不能被满足，因为身份验证失败 [英] Error message: The request for security token could not be satisfied because authentication failed

问题描述

我试图访​​问一个WCF服务（MS CRM 2011）并获得上述错误。如果我来自用卡西尼或IIS防爆preSS VS2010的调试器中运行我的示例程序，它的伟大工程。没有身份验证错误。

I am trying to access a WCF service (MS CRM 2011) and getting the above error. If I run my sample program from the VS2010 debugger with either Cassini or IIS Express it works great. No authentication errors.

不过，如果我发布网站，我的本地IIS 7.5（运行Windows 7 64位），我得到的错误上抓起CRM用户ID（WhoAmIResponse）行

However, if I publish the site to my local IIS 7.5 (running Windows 7 64 bit), I get the error on the line that grabs the CRM UserId (WhoAmIResponse).

我打开提琴手调试器下运行，并在IIS中运行的要求进行比较。对下运行的IIS网站的要求从来没有遇到，所以它一定是越来越远之前失败了。

I opened Fiddler to compare the requests between running under the debugger and running under IIS. On the site running under IIS the request never even comes across, so it must be failing before getting that far.

公布到IIS该网站的web.config中的设置...

The site as published to IIS has its web.config set for ...

    <authentication mode="Windows">
    </authentication>
    <identity impersonate="true"/>

该网站是preinstalled ASP.NET 4.0版的应用程序池下运行，集成的管道模式，ApplicationPoolIdentity帐户。

The site is running under the preinstalled ASP.NET v4.0 app pool, Integrated pipeline mode, ApplicationPoolIdentity account.

下面是我的code ...

Here is my code...

public class DemoController : Controller
{
    public ActionResult Index()
    {
        ClientCredentials credentials = new ClientCredentials();
        credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;

        var _serviceProxy = new OrganizationServiceProxy(new Uri("http://svr-rex2011-dev/TimeEntry/XRMServices/2011/Organization.svc"),
                                                            null,
                                                            credentials,
                                                            null);

        // This statement is required to enable early-bound type support.
        _serviceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());

        IOrganizationService service = (IOrganizationService)_serviceProxy;

        // Display information about the logged on user.
        Guid userid = ((WhoAmIResponse)service.Execute(new WhoAmIRequest())).UserId;
        SystemUser systemUser = (SystemUser)service.Retrieve("systemuser", userid,
            new ColumnSet(new string[] { "firstname", "lastname" }));

        // Retrieve the version of Microsoft Dynamics CRM.
        RetrieveVersionRequest versionRequest = new RetrieveVersionRequest();
        RetrieveVersionResponse versionResponse =
            (RetrieveVersionResponse)service.Execute(versionRequest);

        ViewBag.FirstName = systemUser.FirstName;
        ViewBag.LastName = systemUser.LastName;
        ViewBag.Version = versionResponse.Version;

        return View();
    }

}

任何想法？大部分AP preciated！

Any ideas? Much appreciated!!!

推荐答案

看来你所描述的情况是这样的：你得到验证错误，当你的应用程序尝试当它运行在IIS上访问CRM服务。当您从Visual Studio或IIS防爆preSS运行你的应用程序，然后你没有身份验证错误。

It seems the situation you are describing is this: you are getting authentication errors when your app tries to access the CRM service when it is running on IIS. When you run your app from Visual Studio or IIS Express then you don't have authentication errors.

如果这是真的，我是pretty确保您的问题是由于用来运行IIS的程序池为应用程序的身份。您需要的程序池身份改变为一个具有网络访问到CRM的服务。通常，它应该是一个域帐户正确的权限，但这样做有使用具有相同的密码的本地计算机帐户的方式（如果一个域名是绝对不推荐）。

If this is true, I'm pretty sure your issue is due to the identity used to run the IIS AppPool for your application. You need to change the AppPool identity to one that has network access to the CRM service. Normally it should be a domain account with the correct permissions but there are ways of doing this using local machine accounts that have the same password (definitely not recommend if a domain is available).

这篇关于错误消息：安全令牌请求不能被满足，因为身份验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！