Caller未被服务错误验证 - CRM 2011部署wcf服务方法调用SSL？ [英] Caller was not authenticated by the service error - CRM 2011 Deployment wcf service method call over SSL?

问题描述

我正试图在定制的vb.net应用程序中使用CRM 2011管理的 CRM 2011部署服务。 请不要告诉我，我应该使用部署经理进行我的操作，因为我必须根据组织的具体要求开发此定制应用程序。

I am trying to utilize CRM 2011 deployment service for CRM 2011 management in a custom made vb.net application. Please do not tell me that i should use deployment manager for my operations as i have to develop this custom application tailored to the specific requirements for my organization.

当我使用http，但是当我尝试使用SSL连接调用部署服务的方法时，一切都可以正常工作（HTTPS在服务器上启用）

以下是与HTTPS / SSL相关的客户端配置

<binding name="CustomBinding_IDeploymentServiceHttps">
      <security defaultAlgorithmSuite="Default" authenticationMode="SspiNegotiatedOverTransport"
                    requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy" protectTokens="false" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSecurityContextCancellation="true">
        <localClientSettings cacheCookies="true" detectReplays="false"
            replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
            replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
            sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
            timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
        <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
            maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
            negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
            sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
            reconnectTransportOnFailure="true" maxPendingSessions="128"
            maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        <secureConversationBootstrap />
      </security>
      <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
          messageVersion="Default" writeEncoding="utf-8">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      </textMessageEncoding>
      <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
          maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
          bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
          realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
          useDefaultWebProxy="true" requireClientCertificate="false" />
    </binding>

和

 <client>
  <!-- Deployment Service Endpoints HTTP,HTTPS-->
  <endpoint address="http://10.40.30.20:5555/XRMDeployment/2011/Deployment.svc"
    binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentService"
    contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentService">
    <identity>
      <userPrincipalName value="LAB2010\administrator" />
    </identity>
  </endpoint>
  <endpoint address="https://www.mydomain.com/XRMDeployment/2011/Deployment.svc"
            binding="customBinding" bindingConfiguration="CustomBinding_IDeploymentServiceHttps"
            contract="CRM2011DeploymentSvc.IDeploymentService" name="CustomBinding_IDeploymentServiceHttps" />
</client>

我在asp.net应用程序中使用以下代码

I am using the following code in my asp.net application

Dim DomainCredentials As New NetworkCredential(ADUserName, ADPassword, DomainNETBIOS)
 If CRMDeploymentServiceURl.Trim().ToLower().StartsWith("https://") Then
            _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentServiceHttps")
        Else
            _CrmDeployService = New DepSvc.DeploymentServiceClient("CustomBinding_IDeploymentService")
        End If
        _CrmDeployService.ClientCredentials.Windows.ClientCredential = DomainCredentials
        _CrmDeployService.Endpoint.Address = New EndpointAddress(New Uri(CRMDeploymentServiceURl))
        _CrmDeployService.Endpoint.Binding.CloseTimeout = New TimeSpan(0, 30, 0)
        _CrmDeployService.Endpoint.Binding.OpenTimeout = New TimeSpan(0, 30, 0)
        _CrmDeployService.Endpoint.Binding.ReceiveTimeout = New TimeSpan(0, 30, 0)
        _CrmDeployService.Endpoint.Binding.SendTimeout = New TimeSpan(0, 30, 0)

上面的代码仅用于初始化服务。后来当我使用
_CrmDeployService对象调用方法时，一切都可以通过http而不是超过https

The above code is used just for initialization of the service. Later on when i call a method using _CrmDeployService object , everything works fine over http but not over https

请告诉我可以做什么来与HTTPS通信安全的部署服务，而不使用任何客户端证书。 （来自DigiCert的SSL证书已经安装在服务器上，网站可以通过任何Web浏览器中的SSL进行浏览，还需要什么其他证书？为什么？）

Please tell what can i do to communicate to the HTTPS secured Deployment service without using any client certificate. (SSL certificate from DigiCert is already installed on the server and website can be browsed over SSL in any web browser. What other certificate do i need and why?)

还有IIS设置已经根据需要完成。

Also IIS settings have been done as needed. WCf service is browesable over SSL/https via web browser.) I have tried anonymous authentication as well as authentication via a domain user at the server and handled the same in code as well.

是否有任何需要配置的更改？这是WCF的具体问题吗？我已经尝试过在 stackoverflow 上发布的解决方案好像超过msdn，但无济于事。 我无法更改服务器的web.config，我不能使用客户端证书，但我可以使用身份验证所需的任何凭据，我必须通过SSL实现。请帮助。谢谢

Is there any configuration change that i need to make? Is this a WCF specific issue?. I have tried solutions posted on stackoverflow as well as over msdn but to no avail. I cannot change the server's web.config and i must not use a client certificate but i can use any credentials required for authentication and i must achieve it over SSL. Please help. Thanks

推荐答案

SSL意味着它将需要证书。首先检查一下任何示例应用程序来检查WCF是否正在使用ssl，因为只有这样才能确保CRM服务器是问题（正在寻找证书），或者更糟糕的是，WCF在更早的时候才能到达那一点如果WCF出现故障，那么你必须为它创建一个临时证书。在互联网上有很多帮助代码是让你开始的。

SSL means it will gonna need the certificate. First check by making any example app to check if the WCF is working with ssl or not , because only then it can be assured that the CRM servers is the problem (it is looking for certificate) or worse you failed earlier by the WCF before reaching that point . If WCF is failing you then you have to create a temporary certificate for it .There are plenty help code at the internet here is one to get you started.

http://msdn.microsoft.com/en-us/library/ff648498.aspx

并在您的应用程序中使用以下绑定（如果您愿意，请使用不同的传输/邮件安全模式）：

and in your application, use the following binding (play around with the different transport/message security modes if you like):

<basicHttpBinding>
<binding name="basicHttp">
<security mode="TransportWithMessageCredential" >
<transport/>
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>

您还必须配置iis。您必须在iis中启用 https ，并分配我认为在目录安全性|服务器证书。

also you have to configure iis. You have to enable https in iis and also assign the certificate i think it is in Directory Security | Server Certificate.

如果它是一个silverlight应用程序，那么它将需要更多的额外开发。
快乐编码Machpanel：）

and if it is a silverlight application then it will need some more extra development. Happy coding Machpanel:)

这篇关于Caller未被服务错误验证 - CRM 2011部署wcf服务方法调用SSL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！