问题在运行一个安全的WCF服务在DMZ
https://stackoverflow.com/questions/1901639
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
我有一些麻烦两个网络应用程序通信每一其他使用WCF服务。这是我的方案:
- 网络应用程序"A"是部署在一个服务器的企业内联网和部域"内联网"
- 网络应用程序"B"部署在服务器的非军事区,接触到互联网和部域"外联网"
- 防火墙之间的两个领域,而没有信任关系。
- "A"的呼吁一些WCF服务在"B"、使用wsHttpBinding
- WCF服务在"B"运输安全的SSL下在IIS。
- 我们正在使用用户名认证的行为进行认证的"A"
这是服务器的结构:
">
<binding name="UsernameWithTransport"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName" negotiateServiceCredential="false" /> </security> </binding> </wsHttpBinding>" 似乎一切都在我的测试环境,其中有两个领域像中的生产。尽管如此,在生产环境中,我得到一个丑陋的错误,每次"的一个"调用"B",这是:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
第一,我认为这是一个问题的时间同步服务器,因为我可以重现相同的例外情况的测试环境通过改变的时钟与differece的10分钟。Unfortunally这并不似乎是问题引起我们的生产服务器也在同步。
的任何信息会被理解!!
解决方案
最后,我们可以sove的问题,和它是应用游泳池的身份是无法写入在"C:\Windows emp"因为缺乏权限。
它似乎MessageSecurityException是一个通用的一种异常和可能会引发许多问题。要知道真正的例外,我们增加了一个serviceDebug行为来服务配置和手表的事件查看器的详细信息的错误。
这是调试配置:
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceSecurityAudit auditLogLocation="Application"
suppressAuditFailure="false"
serviceAuthorizationAuditLevel="None"
messageAuthenticationAuditLevel="SuccessOrFailure" />
</behavior>
不管怎样,谢谢!
其他提示
对于匿名的,用户名或证书的客户的凭据类型,设置这一财产[negotiateservicecredential]以假意味着,服务证书必须提供客户带和客户必须指定服务的证书来使用。
不隶属于 StackOverflow
