wcf - Problem hosting a WCF service in IIS with wsHttpBinding

Tags: wcf wcf-binding wcf-security

I am trying to host my service with the following configuration.

<system.serviceModel>
    <services>
        <service name="Test.MyService" behaviorConfiguration="MyServiceBehavior">
            <!--         Service Endpoints -->
            <endpoint address="MyTestService" binding="wsHttpBinding" bindingConfiguration="WebserviceHttpBinding" contract="Test.IMyService"/>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="WebserviceHttpBinding">
                <security mode="Message">
                    <message clientCredentialType="UserName" negotiateServiceCredential="false"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyServiceBehavior">
                <serviceCredentials>
                    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Test.CredentialValidator, Test"/>
                    <serviceCertificate findValue="RPKey" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
                </serviceCredentials>
                <!--           To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!--           To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>


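When I debug the service, I have no problems. I hosted this service in IIS using a website. When I browse the service from IIS, I get the following exception.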

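Server Error in '/MyTestService' Application.

Keyset does not exist

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: Keyset does not exist

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.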

Stack Trace:

[CryptographicException: Keyset does not exist
]
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +369
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +151
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +85
System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +280
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +468
System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +85

[ArgumentException: The certificate 'CN=RPKey' must have a private key that is capable of key exchange. The process must have access rights for the private key.]
System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +15832031
System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider() +45
System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement receiverRequirement) +73
System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement) +65
System.ServiceModel.Security.SessionRenewSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement) +14
System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout) +15334232
System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout) +23
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout) +101
System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout) +203
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) +87
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +110
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout) +149
System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout) +23
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout) +24
System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout) +878
System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout) +23
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout) +153
System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout) +203
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) +87
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +110
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +563
System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +135
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +654

[ServiceActivationException: The service '/AtlasServices/Service.svc' cannot be activated due to an exception during compilation. The exception message is: The certificate 'CN=RPKey' must have a private key that is capable of key exchange. The process must have access rights for the private key.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +15700960
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +15623609
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +265
System.ServiceModel.Activation.HttpModule.ProcessRequest(Object sender, EventArgs e) +227
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

Best answer

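This is probably because the account set on IIS is different from the account you use to run the local server.

Are you using X.509 certificates?
If so, are you sure the account running the process (the one running IIS) has been given the read access privilege on the file containing the private key?

So if IIS is running under the account Saghar, does Saghar have read privilege for the key file?

@Update

ArgumentException: The certificate 'CN=RPKey' must have a private key that is capable of key exchange. The process must have access rights for the private key.

This tells me your IIS account does not have access to your private key.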
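
An added example, not part of the original answer: one way to check and grant the read access the answer describes, in PowerShell. It assumes an elevated Windows PowerShell 5.1 session, a CSP-backed RSA key stored under MachineKeys (as the RSACryptoServiceProvider frames in the trace suggest), and a hypothetical application pool identity `IIS AppPool\MyAppPool`.

```powershell
# Added example. Assumptions: elevated Windows PowerShell 5.1, a CSP-backed RSA key,
# and a hypothetical app pool identity; replace it with the account the pool runs as.
$subjectName = 'RPKey'                   # findValue from the question's serviceCertificate
$identity    = 'IIS AppPool\MyAppPool'   # hypothetical identity

# FindBySubjectName is a substring match, so mirror that and refuse ambiguous results.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subjectName*" })
if ($certs.Count -ne 1) { throw "Expected exactly one matching certificate, found $($certs.Count)" }
$cert = $certs[0]
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

# For CSP keys the unique container name is the key file name under MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Show which accounts can currently access the private key file.
$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Grant read-only access to the pool identity if it does not already have it.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}
if ($existing) {
    Write-Output "$identity already has read access to $keyFile"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    Write-Output "Granted read access on $keyFile to $identity"
}
```

Grant only Read, and only to the identity the application pool actually runs as; recycle the pool afterwards so the service is activated again under the new permissions.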

Regarding "wcf - Problem hosting a WCF service in IIS with wsHttpBinding", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/3347022/
