2010-05-04 59 views
0

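WCF fails when using impersonation across 2 machine boundaries (3 machines)

These scenarios work in their individual pieces. It is when I put it all together that it breaks.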

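I have a WCF service using netTCP that uses impersonation to get the caller's ID (role-based security will be used at this level).

On top of this is a WCF service using basicHTTP with TransportCredentialOnly, which also uses impersonation.

I then have a client front end that connects to the basicHttp service.

The aim of the game is to return the client's username from the netTCP service at the bottom, so that ultimately I can use role-based security here.

Each service is on a different machine, and each service works, when you remove any calls it makes to other services, when you run a client for it both locally and remotely. I.e. the problem only shows up when you jump across more than one machine boundary.

I.e. the setup breaks when I connect each part together, but they work fine on their own.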

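I also specify

[OperationBehavior(Impersonation = ImpersonationOption.Required)] on the method, and

have IIS set up to only allow Windows authentication (actually I still have anonymous enabled, but disabling it makes no difference).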

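This impersonation works fine in the scenario where I have the netTCP service on machine A, and the basicHttp service on machine B with the client for the basicHttp service also on machine B... however, if I move the client to any machine C, I get the following error:

The exception is 'The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00''. The inner message is 'An existing connection was forcibly closed by the remote host'.

I'm beginning to think this is more of a network issue than a config one... but I'm grasping at straws...

The config files are as follows (starting from the client and heading down to the netTCP layer):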

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
    <system.serviceModel> 
     <bindings> 
      <basicHttpBinding> 
       <binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00" 
        openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00" 
        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" 
        useDefaultWebProxy="true"> 
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <security mode="TransportCredentialOnly"> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" 
          realm="" /> 
         <message clientCredentialType="UserName" algorithmSuite="Default" /> 
        </security> 
       </binding> 
      </basicHttpBinding> 
     </bindings> 
     <client> 
      <endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc" 
       binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint" 
       contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint" 
behaviorConfiguration="ImpersonationBehaviour" /> 
     </client> 
    <behaviors> 
    <endpointBehaviors> 
    <behavior name="ImpersonationBehaviour"> 
    <clientCredentials> 
     <windows allowedImpersonationLevel="Impersonation"/> 
    </clientCredentials> 
    </behavior> 
    </endpointBehaviors> 
    </behaviors> 
    </system.serviceModel> 
</configuration> 

The service for the client (the basicHttp service, which is also the client of the netTCP service):

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 

    <system.web> 
    <compilation debug="true" targetFramework="4.0" /> 
    </system.web> 
    <system.serviceModel> 
    <bindings> 
     <netTcpBinding> 
     <binding name="netTcpBindingEndpoint" closeTimeout="00:01:00" 
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
      transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" 
      hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" 
      maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> 
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
      maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
      <reliableSession ordered="true" inactivityTimeout="00:10:00" 
      enabled="false" /> 
      <security mode="Transport"> 
      <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> 
      <message clientCredentialType="Windows" /> 
      </security> 
     </binding> 
     </netTcpBinding> 
    <basicHttpBinding> 
    <binding name="basicHttpWindows"> 
    <security mode="TransportCredentialOnly"> 
    <transport clientCredentialType="Windows"></transport> 
    </security> 
    </binding> 
    </basicHttpBinding> 
    </bindings> 
    <client> 
     <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc" 
    binding="netTcpBinding" 
    bindingConfiguration="netTcpBindingEndpoint" 
    contract="ServiceReference1.IService1" 
    name="netTcpBindingEndpoint" 
    behaviorConfiguration="ImpersonationBehaviour"> 
     <identity> 
      <dns value="localhost" /> 
     </identity> 
     </endpoint> 
    </client> 
    <behaviors> 
    <endpointBehaviors> 
    <behavior name="ImpersonationBehaviour"> 
    <clientCredentials> 
    <windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/> 
    </clientCredentials> 
    </behavior> 
    </endpointBehaviors> 
     <serviceBehaviors> 
     <behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour"> 
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> 
      <serviceMetadata httpGetEnabled="true" /> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <services> 
    <service name="WCFTopWindowsTest.Service1" 
     behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour"> 
    <endpoint address="" 
     binding="basicHttpBinding" 
     bindingConfiguration="basicHttpWindows" 
     name ="basicHttpBindingEndpoint" 
     contract ="WCFTopWindowsTest.IService1"> 

    </endpoint>  
    </service>  
    </services> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    </system.serviceModel> 
<system.webServer> 
    <modules runAllManagedModulesForAllRequests="true" /> 
     <directoryBrowse enabled="true" /> 
    </system.webServer> 

</configuration> 

Then finally the netTCP layer:

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 

    <system.web> 
    <authentication mode="Windows"></authentication> 
    <authorization> 
    <allow roles="*"/> 
    </authorization> 
    <compilation debug="true" targetFramework="4.0" /> 
     <identity impersonate="true" /> 
    </system.web> 
    <system.serviceModel> 
    <bindings> 
    <netTcpBinding> 
    <binding name="netTCPwindows"> 
     <security mode="Transport"> 
     <transport clientCredentialType="Windows"></transport> 
     </security> 
    </binding> 
    </netTcpBinding> 
    </bindings> 
    <services> 
    <service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1"> 
    <endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1"> 
     <identity> 
     <dns value="localhost" /> 
     </identity> 
    </endpoint> 
    <endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/> 
    <host> 
     <baseAddresses>  
     <add baseAddress="net.tcp://localhost:8721/test2" /> 
     </baseAddresses> 
    </host> 
    </service>  
    </services> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="netTCPwindows.netTCPwindowsBehaviour"> 

      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> 
      <serviceMetadata httpGetEnabled="false" /> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    </system.serviceModel> 
<system.webServer> 
    <modules runAllManagedModulesForAllRequests="true" /> 
     <directoryBrowse enabled="true" /> 
    </system.webServer> 

</configuration> 

Answers

2

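If you need to make more than one hop between services, you will want to enable delegation for the impersonation to happen. You can get more information from here. That said, if all you need to do is determine the roles of the user calling the back-end service (netTcp), then you don't necessarily need to impersonate, because the WindowsIdentity's TokenImpersonationLevel should only need to be at the level required to determine role membership. In that case, you only need to make sure you impersonate in the middle tier (basicHttp).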

+0

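Thank you for the information. I do need more than just their authorization information, as the data may come from multiple sources, some of which are not within my control. The point of having access to the role information is that I can implement declarative role-based security. That is, I am trying to keep my security implementation as supported and independent as I can. Giving a +1, because the information is very insightful :D – 2010-05-10 14:43:29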
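
The delegation change the answer describes, sketched as configuration fragments for the two calling tiers (an added example, not part of the original question or answer). It assumes Kerberos is available between the three machines, that the account running the basicHttp service is trusted for delegation in Active Directory, and that `host/5d2x23j.panint.com` is a placeholder for whatever SPN the netTCP service account actually has; the behaviour name `DelegationBehaviour` is also hypothetical.

```xml
<!-- 1. Front-end client (machine C): let the middle tier forward the caller's identity.
        Was: <windows allowedImpersonationLevel="Impersonation"/> -->
<behaviors>
  <endpointBehaviors>
    <behavior name="ImpersonationBehaviour">
      <clientCredentials>
        <windows allowedImpersonationLevel="Delegation" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

<!-- 2. Middle tier (basicHttp service, machine B), in its role as client of the netTCP service. -->
<client>
  <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc"
            binding="netTcpBinding"
            bindingConfiguration="netTcpBindingEndpoint"
            contract="ServiceReference1.IService1"
            name="netTcpBindingEndpoint"
            behaviorConfiguration="DelegationBehaviour">
    <identity>
      <!-- Was <dns value="localhost" />, which does not name the remote host.
           Placeholder SPN (assumption): use the one registered for the netTCP service account. -->
      <servicePrincipalName value="host/5d2x23j.panint.com" />
    </identity>
  </endpoint>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="DelegationBehaviour">
      <clientCredentials>
        <!-- Was allowedImpersonationLevel="Impersonation" allowNtlm="true".
             NTLM cannot carry the caller's identity over a second hop, so refusing it
             makes a Kerberos failure visible instead of silently downgrading. -->
        <windows allowedImpersonationLevel="Delegation" allowNtlm="false" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```

Where the domain supports it, constrained delegation limited to the netTCP service's SPN keeps the middle-tier account from forwarding callers' identities to any other service.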
