只能远程访问 WCF 工作流服务端点

【问题标题】:Can only access WCF Workflow Service Endpoint Remotely只能远程访问 WCF 工作流服务端点
【发布时间】:2016-03-16 16:27:42
【问题描述】:

我在 Windows Server 2008 R2 Standard 上托管工作流服务。我通过在同一台服务器上运行的启用 Windows 服务/topshelf 的控制台应用程序访问它。问题是,我无法在本地(从同一服务器)访问端点,但可以从任何其他服务器(使用完全相同的服务帐户、相同的域)访问它。

我的客户端(Windows 服务)绑定如下所示:

<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BindingIBeginNewRequestAdded">
                    <security mode="Transport">
                        <transport clientCredentialType="Windows"/>
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://WorkFlowServerTest.corp.gdg/NewAccountRequestWorkflow.xamlx" binding="basicHttpBinding"
                bindingConfiguration="BindingIBeginNewRequestAdded" contract="NewAccountRequest.IBeginNewRequestAdded" name="BindingIBeginNewRequestAdded"/>
        </client>
    </system.serviceModel>

WorkFlow 服务绑定如下所示:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="HTTPSBindingConfiguration">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
        <binding name="MEXHTTPSBindingConfiguration">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="HTTPSBehavior" name="NewAccountRequestWorkflow">
        <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MEXHTTPSBindingConfiguration" contract="IMetadataExchange" />
        <endpoint binding="basicHttpBinding" bindingConfiguration="HTTPSBindingConfiguration" name="SecureTransportNoCredentialsEndpoint6" contract="IBeginNewRequestAdded" />
      </service>
    </services>

C#/Windows 服务代码:

NewAccountRequest.BeginNewRequestAddedClient _ws = new NewAccountRequest.BeginNewRequestAddedClient();
_ws.BeginNewRequestAdded(_newRequest.RequestID);

错误:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
   at WinSvc.DailySales.NewAccountRequest.BeginNewRequestAddedClient.WinSvc.DailySales.NewAccountRequest.IBeginNewRequestAdded.BeginNewRequestAdded(BeginNewRequestAddedRequest request)
   at WinSvc.DailySales.Classes.DailySalesExceptionHandler.CallGPAccountSubmitService()

所以我知道这一点:https://support.microsoft.com/en-us/kb/896861

并且已经将 WorkFlowServerTest.corp.gdg 的 BackConnectionHostNames 添加到 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0。

我已经尝试了绑定中客户端和服务器 clientCredentialType 和安全模式设置的所有组合。迷路了……

【问题讨论】:

    标签: c# wcf iis workflow-foundation


    【解决方案1】:

    答案是注册表设置:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames

    ...不正确!

    所以,我尝试将其指向我的 WorkFlowServerTest.corp.gdg DNS。但是该 DNS 只不过是指向该服务器的 FQDN 之一的 CName。分辨率:

    Ping 该 CNAME/DNS 名称以获取 IP 地址。 NSLOOKUP 该 IP 以获取 FQDN。将注册表项设置为 FQDN 并修复它。已修复!

    【讨论】:

      猜你喜欢
      • 2019-12-17
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2013-08-21
      • 1970-01-01
      • 2015-06-02
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode