这个问题已经在SO上讨论了几次,但我找不到任何合适的解决方案来解决我的问题。我有一个托管在外部服务器(其他域)上的WCF服务,我试图从命令行应用程序中使用它。我收到以下错误:
The request for security token could not be satisfied because authentication failed.
该服务在web.config文件中配置:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_IRun">
<security mode="None">
<message clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://www.domain.net"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<behaviors>
<serviceBehaviors>
<behavior name="calculadora.SOA.RunBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="calculadora.SOA.RunBehavior" name="calculadora.SOA.Run">
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" binding="wsHttpBinding" contract="calculadora.SOA.IRun">
<identity>
<dns value="domain.net"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
</system.serviceModel>
在客户端,我创建了一个自定义绑定来连接到服务。以下是安全配置:
standardBinding.Security.Mode = SecurityMode.None;
standardBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
standardBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
standardBinding.Security.Transport.Realm = "";
standardBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
standardBinding.Security.Message.NegotiateServiceCredential = false;
standardBinding.Security.Message.EstablishSecurityContext = false;
standardBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default;
我没有使用任何安全机制进行身份验证,但是,服务似乎还在期待。在不同的域上工作时,是否必须使用基本的身份验证?
编辑:我没有在我的端点引用任何绑定配置。设置引用后,我收到另一条消息错误:
{"The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the
receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract
mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the
receiver. Check that sender and receiver have the same contract and the same binding (including security
requirements, e.g. Message, Transport, None)."}
问题是由我的客户绑定引起的。当我使用标准'WSHttpBinding'创建自定义绑定时,'SecurityMode'属性设置为'Message'而不是'None'。现在代码如下所示,服务最终起作用:
WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.None, false);
CustomBinding myCustomBinding = new CustomBinding(standardBinding);
非常感谢marc_s!
答案 0 :(得分:2)
我认为问题是您的服务端点定义:
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc"
binding="wsHttpBinding" contract="calculadora.SOA.IRun">
您使用的是标准的wsHttpBinding - 默认为集成Windows安全性作为邮件安全性。
虽然您确实定义了绑定配置(称为wsHttpBinding_IRun),但您在端点定义中并未引用 - 因此它不起作用。您需要使用bindingConfiguration属性扩展服务端点定义,如下所示:
<endpoint address="http://www.domain.net/calculadora/SOA/run.svc"
binding="wsHttpBinding"
bindingConfiguration="wsHttpBinding_IRun"
contract="calculadora.SOA.IRun">
以实际使用您定义的绑定配置(包括安全设置)。
答案 1 :(得分:0)
我遇到了同样的问题,经过一整天的投入,最后我弄明白了如何修复。关键是将establishSecurityContext =“false”放入消息标记中。
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>