.net - 通过 IIS 服务器的负载平衡器访问时出现 Kerberos 身份验证问题
问题描述
我已经为 IIS 服务器设置了负载平衡器 dns,并为 AD 中的负载平衡器设置了 spn。即使在 applicationPool 属性中将 applicationPool 设置为 true 并将内核模式设置为 false 之后,我仍然得到以下 kerberos 错误:
{ "Depth": 0, "ClassName": "System.IdentityModel.Tokens.SecurityTokenValidationException", "Message": "提供的 NetworkCredentials 无法创建 Kerberos 凭据,详情请参阅内部异常。", "Source": " System.IdentityModel", "StackTraceString": "在 System.IdentityModel.Tokens.KerberosRequestorSecurityToken..ctor(String servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential, String id, SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding)\r\n 在 System.IdentityModel.Selectors .KerberosSecurityTokenProvider.GetToken(TimeSpan 超时,ChannelBinding 通道绑定)\r\n 在 System.IdentityModel.Selectors.KerberosSecurityTokenProvider。GetTokenCore(TimeSpan timeout)\r\n 在 System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)\r\n 在 D:\app\ADO\Y88681 中的 CobraLux.Clients.ApiConnect.ApiConnectExtensions.GetKerberosTicket(Uri uri) .2\_work\4102\s\src\CobraLux.Clients\ApiConnect\ApiConnectExtensions.cs:line 57\r\n at .....", "RemoteStackTraceString": null, "RemoteStackIndex": 0, "ExceptionMethod" :{“名称”:“.ctor”,“AssemblyName”:“System.IdentityModel”,“AssemblyVersion”:“4.0.0.0”,“AssemblyCulture”:“”,“ClassName”:“System.IdentityModel.Tokens.KerberosRequestorSecurityToken ", "签名": "无效 .ctor(System.String, System.Security.Principal.TokenImpersonationLevel, System.Net.NetworkCredential,System.String, System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding)", "MemberType": 1 }, "HResult": -2146233087, "HelpURL": null },
{ "Depth": 1, "ClassName": "System.IdentityModel.Tokens.SecurityTokenException", "Message": "InitializeSecurityContent 失败。确保服务主体名称正确。", "Source": "System.IdentityModel", " StackTraceString": " 在 System.IdentityModel.Tokens.KerberosRequestorSecurityToken.Initialize(TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential, SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding)\r\n 在 System.IdentityModel.Tokens.KerberosRequestorSecurityToken..ctor(String servicePrincipalName, TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential, 字符串 id, SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding)", "RemoteStackTraceString":空,“RemoteStackIndex”:0,“ExceptionMethod”:{“名称”:“初始化”,“AssemblyName”:“System.IdentityModel”,“AssemblyVersion”:“4.0.0.0”,“AssemblyCulture”:“”,“ClassName” ": "System.IdentityModel.Tokens.KerberosRequestorSecurityToken", "签名": "无效初始化(System.Security.Principal.TokenImpersonationLevel, System.Net.NetworkCredential, System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding) ", "MemberType": 8 }, "HResult": -2146233087, "HelpURL": null },IdentityModel”,“AssemblyVersion”:“4.0.0.0”,“AssemblyCulture”:“”,“ClassName”:“System.IdentityModel.Tokens.KerberosRequestorSecurityToken”,“签名”:“无效初始化(System.Security.Principal.TokenImpersonationLevel, System.Net.NetworkCredential, System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding)”, “MemberType”: 8 }, “HResult”: -2146233087, “HelpURL”: null },IdentityModel”,“AssemblyVersion”:“4.0.0.0”,“AssemblyCulture”:“”,“ClassName”:“System.IdentityModel.Tokens.KerberosRequestorSecurityToken”,“签名”:“无效初始化(System.Security.Principal.TokenImpersonationLevel, System.Net.NetworkCredential, System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding)”, “MemberType”: 8 }, “HResult”: -2146233087, “HelpURL”: null },System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding)", "MemberType": 8 }, "HResult": -2146233087, "HelpURL": null },System.IdentityModel.SafeFreeCredentials, System.Security.Authentication.ExtendedProtection.ChannelBinding)", "MemberType": 8 }, "HResult": -2146233087, "HelpURL": null },
{ "Depth": 2, "ClassName": "System.ComponentModel.Win32Exception", "Message": "安全包中没有可用的凭据", "Source": null, "StackTraceString": null, "RemoteStackTraceString":空,“RemoteStackIndex”:0,“HResult”:-2147467259,“HelpURL”:空}
解决方案
推荐阅读
- java - Excel文件的Java Base64编码缺少最后一个字节
- reactjs - 在 Dagre D3 中添加自定义反应组件作为标签
- javascript - 为什么我的路由器不适用于 Firebase?
- python - Discord Translation Bot AttributeError:“NoneType”对象没有属性“组”
- python - Discord.py bot + Quart:尝试连接到语音通道总是会给出“任务的未来附加到不同的循环”
- c# - 如何使用 32 位 C#.NET 应用程序访问 64 位 HKLM\Software Registry
- python - 在 Windows 中创建虚拟环境
- google-bigquery - 时间分区表上的 BigQuery 原子负载?
- javascript - 带有“提交”的 addEventListener 不起作用,实际上保持刷新
- django - 使用 Django 频道定期向所有人广播消息