WCF TCP Windows身份验证问题

Question

我的情况是我有两台机器。

• A型机
• B型机

B机上的客户端成功连接到机器A上的主机。

B机上的客户端成功连接到机器B上的主机。

A机上的客户端成功地连接到机器B上的主机。

计算机上的客户端-- System.ServiceModel.Security.SecurityNegotiationException:服务器拒绝了客户端凭据.

我正在使用Windows身份验证。

客户端：

        var netTcpBinding = new NetTcpBinding()
        {
            Security = new NetTcpSecurity()
            {
                Mode = SecurityMode.Transport,
                Transport = new TcpTransportSecurity()
                {
                    ClientCredentialType = TcpClientCredentialType.Windows,
                }
            },
            TransferMode = TransferMode.Streamed,
            MaxReceivedMessageSize = long.MaxValue,
            MaxBufferSize = int.MaxValue,
            MaxBufferPoolSize = long.MaxValue,
            ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
            {
                MaxDepth = int.MaxValue,
                MaxArrayLength = int.MaxValue,
                MaxStringContentLength = int.MaxValue
            },
            SendTimeout = TimeSpan.MaxValue,
            ReceiveTimeout = TimeSpan.MaxValue
        };

        string endpointAddress;
        if (port == 0)
            endpointAddress = string.Format("net.tcp://{0}/Configuration", host);
        else
            endpointAddress = string.Format("net.tcp://{0}:{1}/Configuration", host, port);

        Console.WriteLine("Endpoint: {0}", endpointAddress);

        var factory = new ChannelFactory<IMyChannel>(netTcpBinding);
        factory.Endpoint.Address = new EndpointAddress(new Uri(endpointAddress), new DnsEndpointIdentity("MyDns"));

        //Do not verify
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

        factory.Credentials.Windows.ClientCredential.Domain = domain;
        factory.Credentials.Windows.ClientCredential.UserName = username;
        factory.Credentials.Windows.ClientCredential.Password = password;

        //Console.WriteLine("Opening Channel Factory ... ");
        factory.Open();

主机：

    #region INIT

    //Set configuration file just once
    if (ChannelServices.RegisteredChannels.Length == 0)
    {
        RemotingConfiguration.Configure(AppDomain.CurrentDomain.SetupInformation.ConfigurationFile, false);
    }

    _serviceHost = null;
    _serviceHost = new ServiceHost(typeof(MyChannel));
    _serviceHost.AddDefaultEndpoints();

    // build list with local IP addresses to bind to
    var localIpAddresses = new List<IPAddress>(Dns.GetHostAddresses(Dns.GetHostName()));
    if (IPAddress.Loopback != null)
        localIpAddresses.Add(IPAddress.Loopback);
    localIpAddresses.RemoveAll(i => i.AddressFamily != AddressFamily.InterNetwork);

    // enable metadata exchange bahaviour
    // add metadatabehaviour in case HTTP is not enabled
    var metadataBehaviour = _serviceHost.Description.Behaviors.Find<ServiceMetadataBehavior>();
    if (metadataBehaviour == null)
    {
        metadataBehaviour = new ServiceMetadataBehavior();
        _serviceHost.Description.Behaviors.Add(metadataBehaviour);
    }

    var credentialsBehaviour = _serviceHost.Description.Behaviors.Find<ServiceCredentials>();
    if (credentialsBehaviour == null)
    {
        credentialsBehaviour = new ServiceCredentials();
        _serviceHost.Description.Behaviors.Add(credentialsBehaviour);
    }

    var serviceDebug = _serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>();
    if (serviceDebug == null)
    {
        serviceDebug = new ServiceDebugBehavior();
        _serviceHost.Description.Behaviors.Add(serviceDebug);
    }
    serviceDebug.IncludeExceptionDetailInFaults = true;

    var tcpPort = "9096";

    _log.Info("tcpPort - {0}", tcpPort);

    var netTcpBinding = new NetTcpBinding()
    {
        Security = new NetTcpSecurity()
        {
            Mode = SecurityMode.Transport,
            Transport = new TcpTransportSecurity()
            {
                ClientCredentialType = TcpClientCredentialType.Windows,
            }
        },
        TransferMode = TransferMode.Streamed,
        MaxReceivedMessageSize = long.MaxValue,
        MaxBufferSize = int.MaxValue,
        MaxBufferPoolSize = long.MaxValue,
        ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        {
            MaxDepth = int.MaxValue,
            MaxArrayLength = int.MaxValue,
            MaxStringContentLength = int.MaxValue
        },
        SendTimeout = TimeSpan.MaxValue,
        ReceiveTimeout = TimeSpan.MaxValue
    };

    var endpoint = _serviceHost.AddServiceEndpoint(
        typeof(IMyChannel),
        netTcpBinding,
        new Uri(string.Format("net.tcp://0:{0}/Configuration", tcpPort)));

    ServiceSecurityAuditBehavior newAudit = new ServiceSecurityAuditBehavior();
    newAudit.AuditLogLocation = AuditLogLocation.Application;
    newAudit.MessageAuthenticationAuditLevel = AuditLevel.SuccessOrFailure;
    newAudit.ServiceAuthorizationAuditLevel = AuditLevel.SuccessOrFailure;
    newAudit.SuppressAuditFailure = false;

    _serviceHost.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName,
        MetadataExchangeBindings.CreateMexTcpBinding(),
        string.Format("net.tcp://localhost:{0}/Configuration/mex", tcpPort));

    _serviceHost.Description.Behaviors.Remove<ServiceSecurityAuditBehavior>();
    _serviceHost.Description.Behaviors.Add(newAudit);

    _serviceHost.Opening += (sender, eventArgs) => _log.Info("Opening Connection ...");
    _serviceHost.Opened += (sender, eventArgs) => _log.Info("Opened Connection ...");

    _serviceHost.Closing += (sender, eventArgs) => _log.Info("Closing connection ...");
    _serviceHost.Closed += (sender, eventArgs) => _log.Info("Closed connection ...");

    _serviceHost.Faulted += (sender, eventArgs) => _log.Error("Fault detected on WCF host");

    _serviceHost.Open();
    #endregion

这里是我的完整堆栈跟踪：

System.ServiceModel.Security.SecurityNegotiationException:服务器已拒绝客户端凭据。-> System.Security.Authentication.InvalidCredential异常:服务器拒绝了客户端凭据。( System.Net.Security.NegoState.StartSendBlob(Byte[] message，LazyAsyncResul t lazyResult)在System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential凭证)，String targetName，ProtectionLevel requiredProtectionLevel，TokenIm personationLevel allowedImpersonationLevel)在System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsS treamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream流，personationLevel operty& TokenIm)-内部异常堆栈跟踪的结束 服务器堆栈跟踪:在System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsS treamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream流，在System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(Strea mUpgradeInitiator upgradeInitiator，IConnection& connection，ClientFramingDecode r解码器，IDefaultCommunicationTimeouts defaultTimeouts，TimeoutHelper& System.ServiceModel.Channels.StreamedFramingRequestChannel.SendPreamble(IC连接，TimeoutHelper& timeoutHelper，ClientFramingDecoder解码器上的System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUp级别(流流)System.ServiceModel.Channels.StreamedFramingRequestChannel.StreamedConnect ionPoolHelper.AcceptPooledConnection(IConnection connection的SecurityMessageProperty& remoteSecurity，System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(Time超时的TimeoutHelper& time outHelper)，System.ServiceModel.Channels.RequestChannel.Request(Message消息的System.ServiceModel.Channels.StreamedFramingRequestChannel.StreamedFraming Request.SendRequest(消息消息，TimeSpan超时值)，System.ServiceModel.Channels.ServiceChannel.Call(String操作的TimeS pan超时，eway上的布尔值，ProxyOperationRuntime操作，Object[] ins，( System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCall Message methodCall，ProxyOperationRuntime操作)) 异常重新引发: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage req Msg，IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDa ta，Int32 type) at MyProject.TestConnection() at MyProject.Program.ManualInput() in d:\Source\MyProject\Program.cs:line 84

这没有任何意义。

任何帮助都将不胜感激！

谢谢!

K

Answer 1

解决了！

这个问题是windows身份验证不需要DnsEndpointIdentity :)