C# 请求主体权限失败-可能是由于windows组？_C#_Asp.net_Asp.net Mvc_Wcf_Principalpermission

C# 请求主体权限失败-可能是由于windows组？

c# asp.net asp.net-mvc wcf

C# 请求主体权限失败-可能是由于windows组？,c#,asp.net,asp.net-mvc,wcf,principalpermission,C#,Asp.net,Asp.net Mvc,Wcf,Principalpermission,我搜索了这个错误，没有找到正确的答案。。2个月前，我在做MVC->WCF通信。它成功了，然后我注释掉PrincipalPermission属性，使其在本地主机（VS IIS Express）上工作重新启用后，我收到错误“请求主体权限失败”。我想我的组是错误的西铁方面： [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)] [

我搜索了这个错误，没有找到正确的答案。。2个月前，我在做MVC->WCF通信。它成功了，然后我注释掉PrincipalPermission属性，使其在本地主机（VS IIS Express）上工作

重新启用后，我收到错误“请求主体权限失败”。我想我的组是错误的

西铁方面：

[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[PrincipalPermission(SecurityAction.Demand, Role = "Test_Group")]
public class TestService : ITestService
{
    public int Test()
    {
        return 0;
    }
}

客户端：

public async Task<ActionResult> Test()
    {
        Services.TestClientService testClient = new Services.TestClientService();
        testClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
        testClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;

        try
        {
            int response = await testClient.TestAsync();
        }
        catch(Exception ex)
        {
            System.Diagnostics.Debug.WriteLine(ex.Message);
        }

        return View();
    }

公共异步任务测试（）
{
Services.TestClientService testClient=new Services.TestClientService（）；
testClient.ClientCredentials.Windows.ClientCredential=System.Net.CredentialCache.DefaultNetworkCredentials；
testClient.ClientCredentials.Windows.AllowedImpersonationLevel=TokenImpersonationLevel.Impersonation；
尝试
{
int response=wait testClient.TestAsync（）；
}
捕获（例外情况除外）
{
系统.诊断.调试.写入线（例如消息）；
}
返回视图（）；
}

WCF web配置：

<system.serviceModel>
<behaviors>
  <serviceBehaviors>
    <behavior name="authBehavior">
      <!-- serviceAuthorizationManagerType="MyProject.Common.RoleAuthorizationManager, MyProject" -->
      <serviceAuthorization principalPermissionMode="UseWindowsGroups">
        <authorizationPolicies>
          <add policyType="MyProject.Common.AuthorizationPolicy, MyProject" />
        </authorizationPolicies>
      </serviceAuthorization>
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyProject.Common.IdentityValidator, MyProject" />
        <serviceCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
      </serviceCredentials>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    <behavior name="svcBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    <behavior name="">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Message">
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service name="MyProject.TestService" behaviorConfiguration="authBehavior">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="MyProject.ITestService" />
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>
<!-- <protocolMapping>
  <add binding="wsDualHttpBinding" scheme="https" />
</protocolMapping>-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

客户端网络配置：

<system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior>
      <customInspector />
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding" />
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Message">
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<extensions>
  <behaviorExtensions>
    <add name="customInspector" type="MyMVC.Services.WCF.Behavior, MyMVC" />
  </behaviorExtensions>
</extensions>
<client>
  <endpoint address="http://localhost:9999/TestService.svc"
    binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
    contract="MyMVC.Services.ITestService" name="wsHttpEndpointBinding_ITestService" />
</client>

我无法访问WCF AuthorizationPolicy.cs以检查Thread.CurrentPrincipal是否已设置

知道如何调试出了什么问题吗？我认为这是windows中测试组的问题。WCF和MVC在IIS中运行。MVC在IIS APPPOOL\MVC下运行，IIS APPPOOL\MVC是测试组的成员

谢谢您的帮助。

测试组是本地组还是Active Directory中的组？如果是后者，则应在域名前加上前缀，后跟反斜杠。So“域\测试组”

如果没有，请尝试删除最后一个属性，并将以下内容放在函数的开头

PrincipalPermission pp = new PrincipalPermission(null, @"Test_Group");
pp.Demand();

将PrincipalPermission属性从类级别移动到方法级别

文章：（上一篇文章提到它不能在WCF的类级别上使用：/）

测试组是本地组。只有真正使用AD的权限组。您为IIS应用程序启用了什么身份验证？您的代码有效。不知道为什么MVC:Anonymous only的权限，WCF:Basic+AnonymousOoh ASP.NET模拟应在WCF上启用，对吗？编辑：已启用，仍不工作：/I我认为模拟不是您的问题。能否在WCF应用程序上启用Windows身份验证？您还可以为MVC禁用匿名和启用Windows身份验证吗？如果你说PP代码正在工作，那就很奇怪了。