WCF security - WCF communication across domains
I have a workflow WCF service (servicedmz) installed on a server across a firewall. The service is running under a Windows account on the server. Account name: dmzdomain\dmzusername.
I have a workflow WCF service running on a development machine (servicedev). The self-hosted service is running under the Windows account: devdomain\devusername.
servicedev communicates with servicedmz using wsHttpContextBinding, with context correlation in the Send and Receive activities. servicedmz uses the callback address to communicate with servicedev when it is done completing the task.
I get this error in the Send activity of servicedev:
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Activities.InternalSendMessage.OnSendFailure(NativeActivityFaultContext context, Exception propagatedException, ActivityInstance propagatedFrom)
   at System.Activities.Runtime.FaultCallbackWrapper.Invoke(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)
   at System.Activities.Runtime.FaultCallbackWrapper.FaultWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
What should the settings be in the app.config files of servicedev and servicedmz?
thanks!
Hello, per the comments, here are the configuration files.
servicedev
<system.serviceModel>
  <services>
    <service name="servicedev" behaviorConfiguration="servicedevbehavior">
      <host>
        <baseAddresses>
          <add baseAddress="http://10.204.78.16:9101/"/>
        </baseAddresses>
      </host>
      <endpoint address="http://10.204.78.16:9101/servicedev" binding="wsHttpBinding" contract="iservicedev" bindingConfiguration="servicedevbinding"/>
      <endpoint address="http://10.204.78.16:9101/servicedev/mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      <endpoint address="http://10.204.78.16:9101/servicedevcallback" binding="wsHttpContextBinding" contract="iservicedevcallback" bindingConfiguration="clientservicedmzbinding"/>
    </service>
  </services>
  <client>
    <endpoint address="http://10.169.24.14:9100/servicedmz" binding="wsHttpContextBinding" contract="iservicedmz" name="clientservicedmz" bindingConfiguration="clientservicedmzbinding">
      <identity>
        <userPrincipalName value="dmzusername@dmzsvr1.mysite.com"/>
      </identity>
    </endpoint>
  </client>
  <bindings>
    <wsHttpBinding>
      <binding name="servicedevbinding" maxReceivedMessageSize="8388608">
        <security>
          <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
          <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="TripleDesRsa15" establishSecurityContext="true"/>
        </security>
      </binding>
    </wsHttpBinding>
    <wsHttpContextBinding>
      <binding name="clientservicedmzbinding" clientCallbackAddress="http://10.204.78.16:9101/servicedevcallback">
        <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
        <security>
          <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
          <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
        </security>
      </binding>
    </wsHttpContextBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="servicedevbehavior">
        <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true"/>
        <serviceMetadata httpGetEnabled="true"/>
        <sqlWorkflowInstanceStore connectionStringName="mysite.deployment.data.providers.workflowinstancestoreprovider" instanceCompletionAction="DeleteNothing" instanceLockedExceptionAction="BasicRetry" instanceEncodingOption="GZip" hostLockRenewalPeriod="00:01:00"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <standardEndpoints>
    <dynamicEndpoint>
      <standardEndpoint name="clientservicedmzdynamicendpointconfiguration">
        <discoveryClientSettings>
          <endpoint kind="udpDiscoveryEndpoint" endpointConfiguration="servicedmzudpdiscoveryendpoint"/>
        </discoveryClientSettings>
      </standardEndpoint>
    </dynamicEndpoint>
    <udpDiscoveryEndpoint>
      <standardEndpoint name="servicedmzudpdiscoveryendpoint" discoveryVersion="WSDiscovery11"/>
    </udpDiscoveryEndpoint>
  </standardEndpoints>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
  <diagnostics performanceCounters="All">
    <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="30000" maxSizeOfMessageToLog="2000000"/>
  </diagnostics>
</system.serviceModel>
servicedmz
<system.serviceModel>
  <services>
    <service name="servicedmz" behaviorConfiguration="servicedmzbehavior">
      <host>
        <baseAddresses>
          <add baseAddress="http://10.169.24.14:9100/"/>
        </baseAddresses>
      </host>
      <endpoint address="http://10.169.24.14:9100/servicedmz" binding="wsHttpContextBinding" contract="iservicedmz" bindingConfiguration="servicedmzbinding" behaviorConfiguration="servicedmzendpointbehavior"/>
      <endpoint address="http://10.169.24.14:9100/servicedmz/mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      <endpoint name="udpdiscovery" kind="udpDiscoveryEndpoint"/>
    </service>
  </services>
  <bindings>
    <wsHttpContextBinding>
      <binding name="servicedmzbinding" clientCallbackAddress="http://10.204.78.16:9101/servicedevcallback">
        <security>
          <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
          <transport clientCredentialType="Windows" realm="" proxyCredentialType="None"/>
        </security>
      </binding>
    </wsHttpContextBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="servicedmzbehavior">
        <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true"/>
        <serviceMetadata httpGetEnabled="true"/>
        <serviceDiscovery>
          <announcementEndpoints>
            <endpoint kind="udpAnnouncementEndpoint"/>
          </announcementEndpoints>
        </serviceDiscovery>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="servicedmzendpointbehavior">
        <endpointDiscovery>
          <scopes>
          </scopes>
        </endpointDiscovery>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <standardEndpoints>
    <udpDiscoveryEndpoint>
      <standardEndpoint name="servicedmzudpdiscoveryendpoint" discoveryVersion="WSDiscovery11" maxResponseDelay="00:00:00.600"/>
    </udpDiscoveryEndpoint>
  </standardEndpoints>
  <diagnostics performanceCounters="All">
    <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="30000" maxSizeOfMessageToLog="2000000"/>
  </diagnostics>
</system.serviceModel>
This is a partial trust problem. Security in WCF requires full trust for full functionality; without it, WCF supports only a subset of the functionality, see http://msdn.microsoft.com/en-us/library/bb412186.aspx
Also, if you are using Windows authentication, it requires trust between the domains, assuming the machines are in different domains.
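For anyone debugging the same fault, here is a small added check (not code from the question or the answer) that loads the client binding by the name used in the posted servicedev config and reports which credential path WCF will actually negotiate. It assumes .NET 4 with System.ServiceModel referenced and a binding named clientservicedmzbinding present in the running app.config.

```csharp
using System;
using System.ServiceModel;
using System.Text;

// Added diagnostic, not code from the question or answer.
// Assumes .NET 4 with System.ServiceModel referenced and a binding named
// "clientservicedmzbinding" (the name used in the posted servicedev config) in app.config.
static class BindingSecurityReport
{
    public static string Describe(WSHttpBinding binding)
    {
        WSHttpSecurity sec = binding.Security;
        var sb = new StringBuilder();
        sb.AppendLine("Security mode: " + sec.Mode);
        switch (sec.Mode)
        {
            case SecurityMode.Message:
            case SecurityMode.TransportWithMessageCredential:
                sb.AppendLine("Message credential: " + sec.Message.ClientCredentialType);
                sb.AppendLine("NegotiateServiceCredential: " + sec.Message.NegotiateServiceCredential);
                sb.AppendLine("EstablishSecurityContext: " + sec.Message.EstablishSecurityContext);
                if (sec.Message.ClientCredentialType == MessageCredentialType.Windows)
                    // Windows message credentials are negotiated through SSPI (Kerberos/NTLM),
                    // so the caller's domain and the service account's domain must trust each other.
                    sb.AppendLine("=> SSPI negotiation; cross-domain calls need a domain trust.");
                if (sec.Mode == SecurityMode.Message)
                    // With Mode=Message the HTTP transport is plain; the <transport> element
                    // in the posted config has no effect on this path.
                    sb.AppendLine("=> <transport> settings are ignored in Message mode.");
                break;
            case SecurityMode.Transport:
                sb.AppendLine("Transport credential: " + sec.Transport.ClientCredentialType);
                break;
            case SecurityMode.None:
                sb.AppendLine("=> no caller authentication at all.");
                break;
        }
        return sb.ToString();
    }

    static void Main()
    {
        // wsHttpContextBinding derives from WSHttpBinding, so the same inspection applies.
        // With the posted config (no mode attribute) this reports Mode=Message, Windows credential.
        var clientBinding = new WSHttpContextBinding("clientservicedmzbinding");
        Console.WriteLine(Describe(clientBinding));
    }
}
```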