Domain Security
Message
From
29/12/2011 11:29:57
To
All
General information
Forum:
ASP.NET
Category:
Windows Communication Foundation (WCF)
Title:
Domain Security
Environment versions
Environment:
C# 4.0
OS:
Windows Server 2008
Miscellaneous
Thread ID:
01531880
Message ID:
01531880
Views:
100
Hi All,

I've Googled around a bit for this topic, but thought I'd ask a quick question here before I do any more searching.

I have a WCF service (currently hosted from a Console Host, eventually will be a Windows Service), with only netTcp bindings. When doing testing originally, so that I could easily test between machines on my network, I set the security to none, and this works fine:
<netTcpBinding>
    <!-- Test-only binding: security mode None turns off transport security -->
    <binding name="netTcpConfig">
        <security mode="None" />
    </binding>
</netTcpBinding>
Now, we've got a nice setup for using virtual machines (using VMware's ESXi) and we've set up some VMs to be a domain controller and several to be Windows Server 2008 R2 on the domain.

Before setting up the VMs on the domain, I tried testing the service. With the security mode "None", the service could be accessed across VMs. Commenting out the security mode, the service could NOT be accessed (which, of course, is what should happen).

Then we set up the VMs on the domain. But when I first started testing, I had been logged into the *machines* (as Administrator) rather than into the *domain*. With the security mode still commented out, the service could now be accessed across VMs, presumably because the machines were members of the domain (even though I was not logged on to the domain).

However, and here's the problem, once I logged onto the domain, the service could not be accessed across the VMs and I get an error message: "A call to SSPI failed, see inner exception". As I said, I've been Googling and finding lots of different suggestions. I'd like to know which way to go before blindly following some of these suggestions (not sure I can easily find the inner exception either, but I haven't tried yet either). Suggestions have been made such as using an identity tag in my config and specifying either a userPrincipalName or a servicePrincipalName. Even so, I'm not sure what those should be and where they should go (client? service?). And, why were the VMs able to communicate with each other when logged in at the machine level, but not when logged in to the domain?

TIA,
~~Bonnie
Bonnie Berent DeWitt
.NET/C# MVP since 2003

http://geek-goddess-bonnie.blogspot.com
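
Added example, not part of the original post: the test-only binding from the post next to the explicit form of what netTcpBinding uses when the security element is omitted (Transport security with Windows credentials), and the place where an identity element goes, on the client's endpoint, naming the account the client expects the service to run as. The host name, port, service and contract names, and the account and SPN values are hypothetical placeholders.

```xml
<!-- Added example. SERVER01, port 8000, MyNamespace.*, svc-account@example.local
     and MyService/SERVER01 are hypothetical placeholders. The <services> section
     belongs in the service host's app.config, <client> in the caller's. -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <!-- Test-only: no authentication and no protection of the channel -->
      <binding name="netTcpNoSecurity">
        <security mode="None" />
      </binding>
      <!-- Explicit equivalent of leaving <security> out of a netTcpBinding -->
      <binding name="netTcpWindows">
        <security mode="Transport">
          <transport clientCredentialType="Windows"
                     protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>

  <!-- Service host configuration -->
  <services>
    <service name="MyNamespace.MyService">
      <endpoint address="net.tcp://SERVER01:8000/MyService"
                binding="netTcpBinding"
                bindingConfiguration="netTcpWindows"
                contract="MyNamespace.IMyService" />
    </service>
  </services>

  <!-- Client configuration -->
  <client>
    <endpoint address="net.tcp://SERVER01:8000/MyService"
              binding="netTcpBinding"
              bindingConfiguration="netTcpWindows"
              contract="MyNamespace.IMyService">
      <identity>
        <!-- Use ONE of the two elements. UPN: the domain user account the
             service process runs under. -->
        <userPrincipalName value="svc-account@example.local" />
        <!-- SPN alternative, if one is registered for that account:
             <servicePrincipalName value="MyService/SERVER01" /> -->
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```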