开发者

WCF gets Access denied when the consumer try invoke a WCF service calls hosted on Virtual Machine

开发者 https://www.devze.com 2023-01-17 04:05 出处:网络
Problem System.ServiceModel.Security.SecurityAccessDeniedException : Access is denied. Relevant Stack lines (reduced)

Problem

System.ServiceModel.Security.SecurityAccessDeniedException : Access is denied.

Relevant Stack lines (reduced)

Server stack trace: 
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

Environment

Developer Machine (host): Windows Vista, Visual Studio 2008, nUnit

Test Machine (guest): Windows 2003, IIS, Windows 2003 Firewall (disabled)

Virtual Machine: Virtual PC

Network: Microsoft Loopback Adapter

Description

The Windows 2003 hosts a WCF service inventory, services within are well tested.

When an application consumer runs inside windows 2003 - everything works fine.

When an application consumer runs from Windows Vista (under this virtual network) - security problems appears. So it was needed to adjust de service and include a certificate. Documentation was followed but the access still denied.

Purpose

No sophisticated security arrangements is needed - its simply a laptop and virtual machine. I tried to replicate this official scenario: http://msdn.microsoft.com/en-us/library/ms733938.aspx

I want make calls to services hosted on windows 2003 from my application under Windows Vista OS using the Unit Test application (nunit). The deployed services on windows 2003 is a well tested ones.

WHAT WORKS

Any service using (or past .asmx webservices) works properly.

Suspicion

I believe it has to be with this dammed Windows Vista. The Windows 2003 event log has successful auditing entries.

SERVICE SETTINGS

The consumer - nunit applicat开发者_如何学编程ion running on Windows Vista:

<system.serviceModel>
<client>
  <endpoint address="http://soa.homolog.com/RemoteService/RemoteService.svc"
      binding="wsHttpBinding"
      behaviorConfiguration="InternetEndpointBehavior" 
      bindingConfiguration="AnonymousBindingConfiguration"
      contract="RemoteService.IRemoteService" 
      name="WSHttpBinding_IEmpresaService">
    <identity>
      <dns value="homologCertificate"  />
    </identity>
  </endpoint>
</client>
<bindings>
  <wsHttpBinding>
    <binding name="AnonymousBindingConfiguration">
      <security mode="Message">
        <message clientCredentialType="None" />            
      </security>
    </binding>
 </bindings>
 <behaviors>
 <endpointBehaviors>
    <behavior name="InternetEndpointBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
 </behaviors>
</system.serviceModel>

The service, hosted on IIS/Windows 2003:

<system.serviceModel>
<serviceHostingEnvironment>
  <baseAddressPrefixFilters>
    <add prefix="http://soa.homolog.com" />
  </baseAddressPrefixFilters>
</serviceHostingEnvironment>
<bindings>

  <wsHttpBinding>
    <binding name="BindingNoSecurity">          
      <security mode="Message">
        <message clientCredentialType="None"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="CompanyCoreBehavior">

      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug 
              includeExceptionDetailInFaults="true" />
      <serviceThrottling 
              maxConcurrentCalls="500" 
              maxConcurrentInstances="500" 
              maxConcurrentSessions="500" />
      <serviceTimeouts 
              transactionTimeout="00:10:00" />

      <serviceCredentials>
        <serviceCertificate
                    findValue="homologCertificate"
                    storeLocation="LocalMachine"
                    x509FindType="FindBySubjectName"
                    storeName="My"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>


This is a System.ServiceModel.Security exception so it is probably not a firewall or IIS problem.

Try removing the following code from the client:

  <clientCredentials> 
    <serviceCertificate> 
      <authentication certificateValidationMode="None" /> 
    </serviceCertificate> 
  </clientCredentials> 

And the following code from the server:

  <serviceCredentials>  
    <serviceCertificate  
                findValue="homologCertificate"  
                storeLocation="LocalMachine"  
                x509FindType="FindBySubjectName"  
                storeName="My"/>  
  </serviceCredentials>  


Start by enabling WCF tracing on the server. The trace log may contain a meaningful error message. Enable message logging and see if there any obvious differences between the messages that are accepted and those that are not. Although, honestly, I don't see how this can happen in your case.

0

精彩评论

暂无评论...
验证码 换一张
取 消