WCF netTcpBinding hosted in IIS with Windows authentication throws "The service does not allow you to log on anonymously"

Problem description

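I have a WCF service with netTcpBinding hosted in IIS on server "A", with default security (mode=Transport). So, obviously, it uses Windows authentication. This WCF service is consumed by an ASP.NET web application hosted in IIS on server "B", and everything works fine until I turn on Windows authentication for the web application. With Windows authentication turned on, I get the following error. Anonymous authentication is turned off, and only Windows authentication is enabled in IIS.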

System.IdentityModel.Tokens.SecurityTokenValidationException: The service does not allow you to log on anonymously.
   at System.ServiceModel.Security.SecurityUtils.ValidateAnonymityConstraint(WindowsIdentity identity, Boolean allowUnauthenticatedCallers)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.CreateClientSecurity(NegotiateStream negotiateStream, Boolean extractGroupsForWindowsAccounts)
   at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeAcceptor.OnAcceptUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
   at System.ServiceModel.Channels.StreamSecurityUpgradeAcceptorBase.AcceptUpgrade(Stream stream)
   at System.ServiceModel.Channels.InitialServerConnectionReader.UpgradeConnection(IConnection connection, StreamUpgradeAcceptor upgradeAcceptor, TimeSpan openTimeout, IDefaultCommunicationTimeouts defaultTimeouts)
   at System.ServiceModel.Channels.ServerSessionPreambleConnectionReader.ServerFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelHandler.OpenAndEnsurePump()

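Now, when the WCF service and the web application are both on the same server, it works fine. The problem only occurs when different servers are involved, and anything other than Windows authentication also works fine. FYI, the servers are in a trusted domain.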

Here is the WCF service configuration:

<system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="BehaviorA">
                    <clientCredentials>
                        <windows />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
            <serviceBehaviors>
                <behavior name="Service1Behavior">
                    <dataContractSerializer maxItemsInObjectGraph="2147438647" />
                    <serviceCredentials>
                        <windowsAuthentication />
                    </serviceCredentials>
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <serviceMetadata httpGetEnabled="false" />
                    <serviceThrottling maxConcurrentCalls="1000" maxConcurrentInstances="1000" maxConcurrentSessions="1000" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <bindings>
            <mexTcpBinding>
                <binding name="MaxiMexBinding" />
            </mexTcpBinding>
            <netTcpBinding>
                <binding closeTimeout="00:01:00" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="100" maxReceivedMessageSize="2147483647" name="PortSharingBinding" openTimeout="00:01:00" portSharingEnabled="true" receiveTimeout="10675199.02:48:05.4775807" sendTimeout="00:01:00" transactionFlow="false" transactionProtocol="OleTransactions" transferMode="Buffered">
                    <readerQuotas maxArrayLength="2147438647" maxBytesPerRead="2147438647" maxDepth="2147438647" maxNameTableCharCount="2147438647" maxStringContentLength="2147438647" />
                    <reliableSession enabled="false" inactivityTimeout="00:10:00" ordered="true" />
                    <security mode="Transport">
                        <transport protectionLevel="EncryptAndSign"/>
                    </security>
                </binding>
            </netTcpBinding>
        </bindings>
        <diagnostics>
            <messageLogging logEntireMessage="true" logMalformedMessages="false" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="2147483647" maxSizeOfMessageToLog="2147483647" />
        </diagnostics>
        <services>
            <service behaviorConfiguration="Service1Behavior" name="Test">
                <endpoint address="" binding="netTcpBinding" bindingConfiguration="PortSharingBinding" contract="MyContract" name="Ep1">
                </endpoint>
                <host>
                    <baseAddresses>
                        <add baseAddress="net.tcp://mydomain.com:808/MyWcf.svc" />
                    </baseAddresses>
                </host>
            </service>
        </services>
    </system.serviceModel>

The client configuration uses the same approach as above, so there is no major issue there.

It would be great if someone could help me.

Tags: wcf, wcf-binding, wcf-security, nettcpbinding

Solution

