Ais*_*iva 7 .net c# time wcf web-services
从测试客户端访问WCF服务时,我遇到以下异常:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
--- End of inner exception stack trace ---
我在网上搜索了这个问题的根本原因.我发现这主要是由于客户端 - 服务器时间差异造成的.但我无法找到正确的解决方案.以下是我的服务器端配置:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="RequestUserName">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding" contract="WCFService.IService1" bindingName="RequestUserName">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFService.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://subdomain.domain.com/"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
和客户端配置:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="RequestUserName_IService1" />
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://subdomain.domain.com/service1.svc" binding="wsHttpBinding"
bindingConfiguration="RequestUserName_IService1" contract="ServiceReference1.IService1"
name="RequestUserName_IService1">
<identity>
<userPrincipalName value="DOMAIN\subdomaincom_web" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
有人请帮我找到解决这个问题的方法.
更新:当我跟踪异常时,内部异常显示了这一点The security timestamp is stale because its expiration time ('2013-08-21T11:17:39.482Z') is in the past. Current time is '2013-08-21T12:31:31.897Z' and allowed clock skew is '00:05:00'.
我的服务器使用UTC格式,我的客户端是一个通用应用程序,可以从任何国家/地区下载.
更新2:回答后配置:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="Wrabind">
<transactionFlow />
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
<secureConversationBootstrap messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
<localClientSettings maxClockSkew="00:30:00" />
<localServiceSettings maxClockSkew="00:30:00" />
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
</bindings>
<!-- change -->
<services>
<service name="WCFService.Service1" behaviorConfiguration="WCFService.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="http://subdomain.domain.com/service1.svc" binding="customBinding" contract="WCFService.IService1" bindingName="Wrabind">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFService.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- change -->
<!--<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFService.Authentication.DistributorValidator, WrangleCoreService"/>
<serviceCertificate findValue="WCFService" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
</serviceCredentials>-->
<!-- change -->
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://subdomain.domain.com/"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!--<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint name="" helpEnabled="true"
automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>-->
</system.serviceModel>
导致此错误的原因可能有多种,最常见的原因是服务器由于各种原因(可能不在同一域中)未对客户端进行身份验证。要确定确切的原因,请打开 wcf 跟踪并查看它以红色显示的错误。您正在寻找的是 inenr 异常,它有点隐藏在跟踪 UI 中,它位于树中间的右侧。
设置时钟偏差的方法如下:
<security authenticationMode="...">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
<secureConversationBootstrap>
<localClientSettings maxClockSkew="00:30:00" />
<localServiceSettings maxClockSkew="00:30:00" />
</secureConversationBootstrap>
</security>
注意只能在自定义绑定上定义倾斜。由于您使用 WSHttpBinding,您需要将其转换为自定义绑定,这可以通过WCF 绑定转换器轻松在线完成。
| 归档时间: |
|
| 查看次数: |
9234 次 |
| 最近记录: |