客户端和WCF服务之间的身份验证失败

Question

这是一个已经在SO上讨论过几次的问题，但我找不到适合我的问题的解决方案。我有一个WCF服务托管在外部服务器（其他域），我试图从命令行应用程序使用它。我收到以下错误：

The request for security token could not be satisfied because authentication failed. 

服务配置web.config文件中：

<system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="wsHttpBinding_IRun"> 
      <security mode="None"> 
      <message clientCredentialType="None" /> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <serviceHostingEnvironment> 
     <baseAddressPrefixFilters> 
     <add prefix="http://www.domain.net"/> 
     </baseAddressPrefixFilters> 
    </serviceHostingEnvironment> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="calculadora.SOA.RunBehavior"> 
      <serviceMetadata httpGetEnabled="true"/> 
      <serviceDebug includeExceptionDetailInFaults="true"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <services> 
     <service behaviorConfiguration="calculadora.SOA.RunBehavior" name="calculadora.SOA.Run"> 
     <endpoint address="http://www.domain.net/calculadora/SOA/run.svc" binding="wsHttpBinding" contract="calculadora.SOA.IRun"> 
      <identity> 
      <dns value="domain.net"/> 
      </identity> 
     </endpoint> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> 
     </service> 
    </services> 
</system.serviceModel> 

在客户端，我创建了一个自定义绑定连接到服务。这里是安全配置：

standardBinding.Security.Mode = SecurityMode.None; 
standardBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; 
standardBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None; 
standardBinding.Security.Transport.Realm = ""; 
standardBinding.Security.Message.ClientCredentialType = MessageCredentialType.None; 
standardBinding.Security.Message.NegotiateServiceCredential = false; 
standardBinding.Security.Message.EstablishSecurityContext = false; 
standardBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default; 

我没有使用任何认证安全机制，但仍然，服务似乎在期待一个

。在不同领域工作时，是否必须使用基本认证？

编辑：我没有在我的端点引用任何绑定配置。一旦基准设置，我收到另一个消息错误：

{"The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the 
receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract 
mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the 
receiver. Check that sender and receiver have the same contract and the same binding (including security 
requirements, e.g. Message, Transport, None)."} 

问题是我客户的结合造成的。当我使用标准的'WSHttpBinding'创建自定义绑定时，'SecurityMode'属性被设置为'消息'而不是'None'。现在代码如下所示，服务终于起作用：

WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.None, false); 
CustomBinding myCustomBinding = new CustomBinding(standardBinding); 

非常感谢marc_s！

Answer 1

我认为这个问题是您的服务端点定义：

<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" 
      binding="wsHttpBinding" contract="calculadora.SOA.IRun"> 

您使用的是标准的wsHttpBinding - 默认为集成的Windows安全性信息的安全性。

当你定义一个绑定配置（称为wsHttpBinding_IRun），你不引用它在你的端点定义 - 这样就不会发挥作用。您需要将服务端点定义一个bindingConfiguration属性扩展，像这样：

<endpoint address="http://www.domain.net/calculadora/SOA/run.svc" 
      binding="wsHttpBinding" 
      bindingConfiguration="wsHttpBinding_IRun" 
      contract="calculadora.SOA.IRun"> 

，以实际使用您定义的绑定配置（包括安全设置）。

Answer 2

我遇到了同样的问题，经过一整天的投入，最后我找出如何解决。关键是将establishSecurityContext =“false”放入消息标记中。

<security mode="TransportWithMessageCredential"> 
     <transport clientCredentialType="None" /> 
     <message clientCredentialType="UserName" establishSecurityContext="false" /> 
     </security>