Security negotiation failed because the remote party did not send back a reply in a timely manner. This may be because the underlying transport connection was aborted.

  • 问题

  • 我的client端访问Service程序抛出的异常:

    Security negotiation failed because the remote party did not send back a reply in a timely manner. This may be because the underlying transport connection was aborted.

    把我的client端的App.config附上:

    <?xml version="1.0" encoding="utf-8"?>
    
    <configuration>
      <!-- Client-side WCF settings: diagnostics tracing, three bindings and two client endpoints. -->

      <!-- Tracing for the System.ServiceModel source at Warning level with activity tracing. -->
      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel"
                  switchValue="Warning, ActivityTracing"
                  propagateActivity="true">
            <listeners>
              <add type="System.Diagnostics.DefaultTraceListener" name="Default">
                <filter type="" />
              </add>
              <add name="ServiceModelTraceListener">
                <filter type="" />
              </add>
            </listeners>
          </source>
        </sources>
        <sharedListeners>
          <!-- Trace output goes to an absolute path inside a user profile.
               NOTE(review): trace files can carry endpoint addresses and identities; keep the
               file out of shared locations and switch tracing off once the fault is found. -->
          <add initializeData="C:\Users\yjf\Desktop\SearchAdmin\ConsoleApplication1\ConsoleApplication1\App_tracelog.svclog"
               type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               name="ServiceModelTraceListener"
               traceOutputOptions="Timestamp">
            <filter type="" />
          </add>
        </sharedListeners>
      </system.diagnostics>

      <system.serviceModel>
        <bindings>
          <customBinding>
            <!-- Binding for SearchAdmin.svc: a token issued by the STS is presented over HTTPS. -->
            <binding name="CustomBinding_ISearchApplicationAdminWebService">
              <security defaultAlgorithmSuite="Default"
                        authenticationMode="IssuedTokenOverTransport"
                        requireDerivedKeys="false"
                        securityHeaderLayout="Strict"
                        includeTimestamp="true"
                        keyEntropyMode="CombinedEntropy"
                        messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                <issuedTokenParameters keyType="SymmetricKey" tokenType="">
                  <!-- NOTE(review): the issuer host (bdcr.fareast.corp.microsoft.com) differs from the
                       host used by both <client> endpoints (bdcr.contoso.com) although port and path
                       are the same; confirm which name is reachable and matches the service identity.
                       NOTE(review): the issuer is called through ws2007HttpBinding_Trust (message
                       security), while the <client> endpoint for the same securitytoken.svc path uses
                       CustomBinding_IWSTrust13Sync (binary encoding, Negotiate). The negotiation can
                       only complete with the binding stack the STS really exposes; check it against
                       the service-side configuration. -->
                  <issuer address="http://bdcr.fareast.corp.microsoft.com:32843/SecurityTokenServiceApplication/securitytoken.svc"
                          binding="ws2007HttpBinding"
                          bindingConfiguration="ws2007HttpBinding_Trust">
                    <!-- Three identity types are listed; presumably only one is honoured at run time.
                         Confirm which, and keep only the one that describes the STS. The thumbprint
                         value contains spaces; confirm it matches the STS certificate. -->
                    <identity>
                      <userPrincipalName value="yjf@contoso.com" />
                      <servicePrincipalName value="host/BDCR.contoso.com" />
                      <certificateReference x509FindType="FindByThumbprint" findValue="16 ef d8 0d 39 d1 74 a0 8a 76 5a c7 70 05 98 87 28 75 33 f8" />
                    </identity>
                  </issuer>
                </issuedTokenParameters>
                <!-- detectReplays is false in both settings elements below, so message-level replay
                     detection is off; presumably replay protection is left to the HTTPS transport.
                     maxClockSkew and timestampValidityDuration tolerate five minutes of clock drift
                     between client and server. -->
                <localClientSettings cacheCookies="true"
                                     detectReplays="false"
                                     replayCacheSize="900000"
                                     maxClockSkew="00:05:00"
                                     maxCookieCachingTime="Infinite"
                                     replayWindow="00:05:00"
                                     sessionKeyRenewalInterval="10:00:00"
                                     sessionKeyRolloverInterval="00:05:00"
                                     reconnectTransportOnFailure="true"
                                     timestampValidityDuration="00:05:00"
                                     cookieRenewalThresholdPercentage="60" />
                <localServiceSettings detectReplays="false"
                                      issuedCookieLifetime="10:00:00"
                                      maxStatefulNegotiations="128"
                                      replayCacheSize="900000"
                                      maxClockSkew="00:05:00"
                                      negotiationTimeout="00:01:00"
                                      replayWindow="00:05:00"
                                      inactivityTimeout="00:02:00"
                                      sessionKeyRenewalInterval="15:00:00"
                                      sessionKeyRolloverInterval="00:05:00"
                                      reconnectTransportOnFailure="true"
                                      maxPendingSessions="128"
                                      maxCachedCookies="1000"
                                      timestampValidityDuration="00:05:00" />
                <secureConversationBootstrap />
              </security>
              <textMessageEncoding maxReadPoolSize="64"
                                   maxWritePoolSize="16"
                                   messageVersion="Default"
                                   writeEncoding="utf-8">
                <readerQuotas maxDepth="32"
                              maxStringContentLength="8192"
                              maxArrayLength="16384"
                              maxBytesPerRead="4096"
                              maxNameTableCharCount="16384" />
              </textMessageEncoding>
              <!-- HTTPS with no HTTP-level authentication and no client certificate; the caller is
                   identified by the issued token. Extended protection is not enforced. -->
              <httpsTransport manualAddressing="false"
                              maxBufferPoolSize="524288"
                              maxReceivedMessageSize="65536"
                              allowCookies="false"
                              authenticationScheme="Anonymous"
                              bypassProxyOnLocal="false"
                              hostNameComparisonMode="StrongWildcard"
                              keepAliveEnabled="true"
                              maxBufferSize="65536"
                              proxyAuthenticationScheme="Anonymous"
                              realm=""
                              transferMode="Buffered"
                              unsafeConnectionNtlmAuthentication="false"
                              useDefaultWebProxy="true"
                              requireClientCertificate="false">
                <extendedProtectionPolicy policyEnforcement="Never" />
              </httpsTransport>
            </binding>

            <!-- Binding for the WS-Trust 1.3 endpoint of the STS.
                 NOTE(review): the mode name implies a secure transport, but the transport element
                 is httpTransport (plain HTTP) with Negotiate; verify that the service side permits
                 this pairing. Extended protection is not enforced here either. -->
            <binding name="CustomBinding_IWSTrust13Sync">
              <security defaultAlgorithmSuite="Basic256Sha256"
                        allowSerializedSigningTokenOnReply="false"
                        authenticationMode="SspiNegotiatedOverTransport"
                        messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12">
                <secureConversationBootstrap />
              </security>
              <binaryMessageEncoding>
                <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
              </binaryMessageEncoding>
              <httpTransport maxReceivedMessageSize="2162688"
                             authenticationScheme="Negotiate"
                             useDefaultWebProxy="false">
                <extendedProtectionPolicy policyEnforcement="Never" />
              </httpTransport>
            </binding>
          </customBinding>

          <ws2007HttpBinding>
            <!-- Referenced only by the <issuer> element above; message-level security. -->
            <binding name="ws2007HttpBinding_Trust">
              <security mode="Message">
                <transport>
                  <extendedProtectionPolicy policyEnforcement="Never" />
                </transport>
              </security>
            </binding>
          </ws2007HttpBinding>
        </bindings>

        <client>
          <!-- Search administration service, reached over HTTPS on port 32844. -->
          <endpoint address="https://bdcr.contoso.com:32844/697a71549cd84544885bb9fc97a0ddd5/SearchAdmin.svc"
                    binding="customBinding"
                    bindingConfiguration="CustomBinding_ISearchApplicationAdminWebService"
                    contract="ISearchApplicationAdminWebService"
                    name="CustomBinding_ISearchApplicationAdminWebService" />
          <!-- Security token service, reached over plain HTTP on port 32843. -->
          <endpoint address="http://bdcr.contoso.com:32843/SecurityTokenServiceApplication/securitytoken.svc"
                    binding="customBinding"
                    bindingConfiguration="CustomBinding_IWSTrust13Sync"
                    contract="IWSTrust13Sync"
                    name="CustomBinding_IWSTrust13Sync">
            <identity>
              <servicePrincipalName value="host/BDCR.contoso.com" />
            </identity>
          </endpoint>
        </client>
      </system.serviceModel>
    </configuration>
    
    

    请问各位大大这个是什么问题?如何解决??

    我使用的endpoint是https://bdcr.contoso.com:32844/697a71549cd84544885bb9fc97a0ddd5/SearchAdmin.svc

    2010年4月22日 6:14

答案

全部回复

  •  <certificateReference x509FindType="FindByThumbprint" findValue="16 ef d8 0d 39 d1 74 a0 8a 76 5a c7 70 05 98 87 28 75 33 f8" />

     这个值 能把空格移除吗
     你尝试一下
     证书的指纹 不需要空格吧,这里可能和服务证书的指纹不匹配,导致无法鉴别服务身份,协商失败啊。


    Frank Xu Lei--谦卑若愚,好学若饥
    2010年4月22日 6:20
    版主
  •   <security mode="Message">

     消息安全啊
     他有使用证书吗
     这个证书 到底受不受信任 还不一定啊
     对方告诉你 这个是 商业证书?
     可以测试?


    Frank Xu Lei--谦卑若愚,好学若饥
    2010年4月22日 6:43
    版主
  • <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <!-- Service-side configuration of the security token service (STS) and the Windows token cache service. -->
      <system.serviceModel>

        <!-- Behaviors -->
        <behaviors>
          <serviceBehaviors>
            <behavior name="SecurityTokenServiceBehavior">
              <!-- Publishes service metadata (endpoints, bindings, services) over HTTP GET.
                   STS trust metadata such as claim types and keys is not part of it. -->
              <serviceMetadata httpGetEnabled="true" />
              <!-- Throttles raised far above the WCF defaults.
                   NOTE(review): limits this high no longer act as a brake on resource
                   exhaustion; size them to the expected load. -->
              <serviceThrottling maxConcurrentCalls="65536"
                                 maxConcurrentSessions="65536"
                                 maxConcurrentInstances="65536" />
            </behavior>
          </serviceBehaviors>
        </behaviors>

        <!-- Services -->
        <services>
          <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract"
                   behaviorConfiguration="SecurityTokenServiceBehavior">
            <!-- HTTP endpoint for clients requesting tokens. It is bound to the customBinding
                 "spStsBinding" (binary encoding, HTTP transport, Negotiate), not to
                 ws2007HttpBinding; a client that calls it with ws2007HttpBinding message
                 security is unlikely to interoperate with this stack. -->
            <endpoint address=""
                      binding="customBinding"
                      bindingConfiguration="spStsBinding"
                      contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />

            <!-- Disabled: HTTP endpoint for clients requesting service tokens.
                 <endpoint name ="ActAs"
                           address="actas"
                           binding="customBinding"
                           bindingConfiguration="spStsActAsBinding"
                           contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
            -->

            <!-- Disabled: HTTP endpoint that supports IMetadataExchange.
                 <endpoint address="mex"
                           binding="mexHttpBinding"
                           contract="IMetadataExchange" />
            -->
          </service>
          <service name="Microsoft.SharePoint.Administration.Claims.SPWindowsTokenCacheService">
            <endpoint address=""
                      binding="customBinding"
                      bindingConfiguration="SPWindowsTokenCacheServiceHttpsBinding"
                      contract="Microsoft.SharePoint.Administration.Claims.ISPWindowsTokenCacheServiceContract" />
          </service>
        </services>

        <!-- Bindings -->
        <bindings>
          <customBinding>
            <!-- No <security> element: callers are authenticated only by HTTP Negotiate on the
                 transport, which is plain HTTP. -->
            <binding name="spStsBinding">
              <binaryMessageEncoding>
                <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
              </binaryMessageEncoding>
              <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false" />
            </binding>
            <!-- Referenced only by the disabled ActAs endpoint. allowInsecureTransport="true"
                 lets the SSPI-negotiated security mode run over plain HTTP. -->
            <binding name="spStsActAsBinding">
              <security authenticationMode="SspiNegotiatedOverTransport"
                        allowInsecureTransport="true"
                        defaultAlgorithmSuite="Basic256Sha256"
                        messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />
              <binaryMessageEncoding>
                <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
              </binaryMessageEncoding>
              <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false"/>
            </binding>
            <!-- Issued token presented over HTTPS; no HTTP-level authentication. -->
            <binding name="SPWindowsTokenCacheServiceHttpsBinding">
              <security authenticationMode="IssuedTokenOverTransport" />
              <textMessageEncoding>
                <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
              </textMessageEncoding>
              <httpsTransport maxReceivedMessageSize="2162688"
                              authenticationScheme="Anonymous"
                              useDefaultWebProxy="false" />
            </binding>
          </customBinding>
        </bindings>
      </system.serviceModel>

      <system.webServer>
        <security>
          <!-- Anonymous and Windows authentication are both enabled at the IIS level; the provider
               list is reset and then offers Negotiate before NTLM.
               NOTE(review): with anonymous access enabled, access control rests on the WCF
               bindings above; confirm that this is intended for every endpoint in this application. -->
          <authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="true">
              <providers>
                <clear />
                <add value="Negotiate" />
                <add value="NTLM" />
              </providers>
            </windowsAuthentication>
          </authentication>
        </security>
        <modules>
          <add name="WindowsAuthenticationModule" />
        </modules>
      </system.webServer>

      <!-- Outbound connection limit of 10000 for every remote address. -->
      <system.net>
        <connectionManagement>
          <add address="*" maxconnection="10000" />
        </connectionManagement>
      </system.net>
    </configuration>
    
    这个是我的securityToken的配置,我理解它没有使用证书,(因为没有<ServiceCertificate findValue>的标签),问下我的理解对吗?这个service我如何和他通信呢?
    2010年4月22日 9:22
  •    messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />

    Frank Xu Lei--谦卑若愚,好学若饥
    2010年4月22日 9:49
    版主
  • .NET Framework 类库
    WS2007HttpBinding 类

    更新:2007 年 11 月

    表示派生自 WSHttpBinding 的可互操作绑定,并对 Security、ReliableSession 和 TransactionFlow 绑定元素的更新版本提供支持。

    WS2007HttpBinding 类会添加与 WSHttpBinding 类似的系统提供绑定,但使用 ReliableSession、Security 和 TransactionFlow 协议的结构化信息标准促进组织 (OASIS) 标准版本。使用此绑定时,无需对对象模型或默认设置进行任何更改。

    http://msdn.microsoft.com/zh-cn/library/system.servicemodel.ws2007httpbinding(VS.90).aspx

    Web Services Protocols Supported by System-Provided Interoperability Bindings

    http://msdn.microsoft.com/en-us/library/ms730294.aspx

     WSHttpBinding 默认使用消息安全啊


    Frank Xu Lei--谦卑若愚,好学若饥
    • 已标记为答案 yjf-10 2010年4月30日 2:54
    2010年4月22日 9:54
    版主
  • 客户端和WCF服务端在同一台机器吗?若不在同一台机器,请检查时间设置是否同步,不同步的话会被服务器认为是replay攻击,访问被拒绝。


    Mog Liang
    2010年4月26日 8:59