WCF request for principal permission failed
I have a WCF application configured for https. However, I get the following error:
An exception of type 'System.Security.SecurityException' occurred in mscorlib.dll but was not handled in user code
Exception Details: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Additional information: Request for principal permission failed.
I can access the WCF service through a browser, but when my client application calls this service, I get the above error.
This is my WCF service:
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public class SampleService
{
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Users")]
public object PerformOperation(List<string> parameterList)
{
…..
…..
}
}
This is my service configuration:
<serviceBehaviors>
<behavior name="Https.Service">
<serviceThrottling maxConcurrentCalls="100" maxConcurrentInstances="100" maxConcurrentSessions="100"/>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceAuthorization principalPermissionMode="None"/>
</behavior>
</serviceBehaviors>
<service behaviorConfiguration="Https.Service" name="DBAccessService">
<endpoint address="https://SYSTEM_NAME.domain.com:444/App.Service/DBAccess.svc" binding="wsHttpBinding" contract="App.DBAccessService.IDBAccess" bindingConfiguration="TransportSecurity">
</endpoint>
</service>
Client configuration:
<client>
<endpoint address="https://SYSTEM_NAME.domain.com:444/App.Service/DBAccess.svc" binding="wsHttpBinding" contract="App.DBAccessService.IDBAccess" >
<identity>
<servicePrincipalName value="host/localhost"/>
</identity>
</endpoint>
</client>
I am using a self-signed certificate that I have stored in the trusted root certificates folder.
I have tried a few things:
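- When I debug with https, I see that no identity is passed (System.Threading.Thread.CurrentPrincipal.Identity.Name), and I think that is the problem. When using HTTP, the same is passed correctly as "domain\id".
- Second, when I remove the PrincipalPermission attribute on the service, it works. However, that is not a solution for me.
- I also get this error on both my development box and my integration box (where the WCF service and the client are on different servers).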