WCF gets Access denied when the consumer try invok

2020-04-10 09:50发布

Problem

System.ServiceModel.Security.SecurityAccessDeniedException : Access is denied.

Relevant Stack lines (reduced)

Server stack trace: 
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

Environment
Developer Machine (host): Windows Vista, Visual Studio 2008, nUnit
Test Machine (guest): Windows 2003, IIS, Windows 2003 Firewall (disabled)
Virtual Machine: Virtual PC
Network: Microsoft Loopback Adapter

Description
The Windows 2003 hosts a WCF service inventory, services within are well tested.
When an application consumer runs inside windows 2003 - everything works fine.
When an application consumer runs from Windows Vista (under this virtual network) - security problems appears. So it was needed to adjust de service and include a certificate. Documentation was followed but the access still denied.

Purpose
No sophisticated security arrangements is needed - its simply a laptop and virtual machine. I tried to replicate this official scenario: http://msdn.microsoft.com/en-us/library/ms733938.aspx
I want make calls to services hosted on windows 2003 from my application under Windows Vista OS using the Unit Test application (nunit). The deployed services on windows 2003 is a well tested ones.

WHAT WORKS
Any service using (or past .asmx webservices) works properly.

Suspicion
I believe it has to be with this dammed Windows Vista. The Windows 2003 event log has successful auditing entries.

SERVICE SETTINGS

The consumer - nunit application running on Windows Vista:

<system.serviceModel>
<client>
  <endpoint address="http://soa.homolog.com/RemoteService/RemoteService.svc"
      binding="wsHttpBinding"
      behaviorConfiguration="InternetEndpointBehavior" 
      bindingConfiguration="AnonymousBindingConfiguration"
      contract="RemoteService.IRemoteService" 
      name="WSHttpBinding_IEmpresaService">
    <identity>
      <dns value="homologCertificate"  />
    </identity>
  </endpoint>
</client>
<bindings>
  <wsHttpBinding>
    <binding name="AnonymousBindingConfiguration">
      <security mode="Message">
        <message clientCredentialType="None" />            
      </security>
    </binding>
 </bindings>
 <behaviors>
 <endpointBehaviors>
    <behavior name="InternetEndpointBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
 </behaviors>
</system.serviceModel>

The service, hosted on IIS/Windows 2003:

<system.serviceModel>
<serviceHostingEnvironment>
  <baseAddressPrefixFilters>
    <add prefix="http://soa.homolog.com" />
  </baseAddressPrefixFilters>
</serviceHostingEnvironment>
<bindings>

  <wsHttpBinding>
    <binding name="BindingNoSecurity">          
      <security mode="Message">
        <message clientCredentialType="None"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="CompanyCoreBehavior">

      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug 
              includeExceptionDetailInFaults="true" />
      <serviceThrottling 
              maxConcurrentCalls="500" 
              maxConcurrentInstances="500" 
              maxConcurrentSessions="500" />
      <serviceTimeouts 
              transactionTimeout="00:10:00" />

      <serviceCredentials>
        <serviceCertificate
                    findValue="homologCertificate"
                    storeLocation="LocalMachine"
                    x509FindType="FindBySubjectName"
                    storeName="My"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

2条回答
欢心
2楼-- · 2020-04-10 10:36

Start by enabling WCF tracing on the server. The trace log may contain a meaningful error message. Enable message logging and see if there any obvious differences between the messages that are accepted and those that are not. Although, honestly, I don't see how this can happen in your case.

查看更多
狗以群分
3楼-- · 2020-04-10 10:43

This is a System.ServiceModel.Security exception so it is probably not a firewall or IIS problem.

Try removing the following code from the client:

  <clientCredentials> 
    <serviceCertificate> 
      <authentication certificateValidationMode="None" /> 
    </serviceCertificate> 
  </clientCredentials> 

And the following code from the server:

  <serviceCredentials>  
    <serviceCertificate  
                findValue="homologCertificate"  
                storeLocation="LocalMachine"  
                x509FindType="FindBySubjectName"  
                storeName="My"/>  
  </serviceCredentials>  
查看更多
登录 后发表回答