WCF: The request for security token could not be satisfied because authentication failed

后端 未结 4 855
旧时难觅i
旧时难觅i 2020-12-23 21:21

I have written a very simple WCF Service that sends and receives messages. I have tested the app through the VS 2008 default web server host and everything works fine. But w

相关标签:
4条回答
  • 2020-12-23 21:41

    If you are in debug mode then set the debug attribute as

    <serviceDebug includeExceptionDetailInFaults="true"/>
    

    by default it sets as false ..so while you go for debugging it throws that exception .

    hope it helps .

    0 讨论(0)
  • 2020-12-23 21:46

    You don't actually need to turn off security and in some cases you shouldn't. Within a bindingConfiguration, you can specify message level security that does not establish a security context as follows:

    <security mode="Message">
        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
        <message clientCredentialType="Windows" negotiateServiceCredential="true"
            algorithmSuite="Default" establishSecurityContext="false" />
    </security>
    

    Note the establishSecurityContext attribute. Both the client and service should have a security configuration with establishSecurityContext set to the same value. A value of true also works fine but false is recommended in an environment where the servers are load balanced.

    0 讨论(0)
  • 2020-12-23 21:58

    You need to turn off security for the binding. Otherwise, I believe that, by default, the wsHttpBinding will try to negotiate a Security Context Token (SCT).

    So, modify the endpoint definition to point to a binding configuration section. Here's an example:

    <endpoint address="" 
              binding="wsHttpBinding" 
              contract="HelloWorldService.IService1"
              bindingConfiguration="TheBindingConfig">
    

    And then add something like the following binding configuration right after the <services> section in the web.config's <system.serviceModel> section.

    <bindings>
      <wsHttpBinding>
        <binding name="TheBindingConfig">
          <security mode="None" />
        </binding>
      </wsHttpBinding>
    </bindings>
    

    Setting security to "None" is the key.

    Hope this helped!


    The above helped me - but what is not immediately obvious is how to add to the service end (its clear once you've done it what's needed, but not until you've done so). The reason its not entirely obvious is because there isn't a bindings section by default whereas there is liable to be one in the client.

    So, just to be very clear - at the service end, add the bindings section (as detailed above) and then to the appropriate endpoint add the bindingConfiguration="TheBindingConfig" attribute. Obvious once you've done it once...

    0 讨论(0)
  • 2020-12-23 22:00

    Be sure to set this bindingConfiguration (specifying security mode 'none') on both client and server or else you will get this message - which is quite a red herring as far as debugging the problem.

    The message could not be processed. This is most likely because the action 'http://tempuri.org/IInterfaceName/OperationName' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

    0 讨论(0)
提交回复
热议问题