這些方案在其各個部分中工作。當我把它放在一起,它打破了。WCF在2臺計算機邊界上使用模擬時失敗(3臺計算機)
我有使用netTCP使用模擬來獲取呼叫者ID(基於角色的安全性將在此級別使用)
在此之上是使用basicHTTP與TransportCredientialOnly WCF服務也使用模擬WCF服務
然後我有一個連接到basicHttp的客戶端前端。
遊戲的目的是從netTCP服務的底部返回客戶端用戶名 - 所以最後我可以在這裏使用基於角色的安全性。
每個服務都在不同的機器上 - 當您爲本地和遠程運行客戶端時,每個服務都會在您刪除對其他服務的任何調用時起作用。 IE只有當你跳過一個以上的機器邊界時纔會出現問題。
當我將每個部件連接在一起時,IE安裝程序會中斷 - 但它們可以正常工作。
我還指定
[OperationBehavior(模擬= ImpersonationOption.Required)]在該方法和
有IIS設置爲只允許窗戶認證(實際上我已經ananymous啓用還是,但禁止沒有差別)
這種模擬工作正常的情況下,我有機器A上的netTCP服務與客戶端與機器B上的basicHttp服務與basicHttp服務還在機器B上的clinet ...但是,如果我移動客戶端到任何機器C我得到以下錯誤:
異常是'套接字連接被中止。這可能是由處理您的消息時出錯或遠程主機超出接收超時或基礎網絡資源問題引起的。本地套接字超時是'00:10:00'' 內部信息是'現有連接被遠程主機強制關閉'
我開始認爲這是一個比配置更多的網絡問題......但是IM在抓救命稻草......
的配置文件如下(從客戶端然後前往netTCP層)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00"
openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc"
binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint"
contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint"
behaviorConfiguration="ImpersonationBehaviour" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ImpersonationBehaviour">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
客戶端(basicHttp服務的服務和客戶端的netTCP服務)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcpBindingEndpoint" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
<basicHttpBinding>
<binding name="basicHttpWindows">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc"
binding="netTcpBinding"
bindingConfiguration="netTcpBindingEndpoint"
contract="ServiceReference1.IService1"
name="netTcpBindingEndpoint"
behaviorConfiguration="ImpersonationBehaviour">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ImpersonationBehaviour">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WCFTopWindowsTest.Service1"
behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="basicHttpWindows"
name ="basicHttpBindingEndpoint"
contract ="WCFTopWindowsTest.IService1">
</endpoint>
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
然後最後的netTCP層
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authentication mode="Windows"></authentication>
<authorization>
<allow roles="*"/>
</authorization>
<compilation debug="true" targetFramework="4.0" />
<identity impersonate="true" />
</system.web>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTCPwindows">
<security mode="Transport">
<transport clientCredentialType="Windows"></transport>
</security>
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1">
<endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8721/test2" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="netTCPwindows.netTCPwindowsBehaviour">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
Thankyou的信息。我確實需要的不僅僅是他們的授權信息,因爲數據可能來自多個來源 - 其中一些不在我的控制範圍之內。有權訪問角色信息的角度是我可以實現基於聲明式角色的安全性。也就是說,我試圖讓我的支持和獨立的安全實施atino我儘可能。給出一個+1,因爲這些信息非常有見地:D – 2010-05-10 14:43:29