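The problem I'm having doesn't apply to all clients that access our service, but what is consistent is that when the error happens, it happens on the same service call for a handful of clients.
Here are the exception details: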
System.ServiceModel.Security.MessageSecurityException The HTTP request
was forbidden with client authentication scheme 'Anonymous'.
System.ServiceModel.Security.MessageSecurityException: The HTTP
request was forbidden with client authentication scheme 'Anonymous'.
---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime. msgData, Int32 type)
   at Proxy.FileTransferService.IFileTransferService.EstablishProxy(DownloadRequest request)
   at Proxy.FileTransferService.FileTransferServiceClient.Proxy.FileTransferService.IFileTransferService.EstablishProxy(DownloadRequest request)
   at NormalFileTransferServiceClient.Download(Int32 packageId, IStreamWriter downloader, Archiver archiver)
   at LoggingFileTransferServiceClient.Download(Int32 packageId, ISt
The exception is being thrown on the client.
The client proxy for IFileTransferService is configured as:
    <binding name="WSHttpBinding_IFileTransferService" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom"
        textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
          enabled="false" />
      <security mode="Message">
        <transport clientCredentialType="Windows" proxyCredentialType="None"
            realm="" />
        <message clientCredentialType="UserName" negotiateServiceCredential="true"
            algorithmSuite="Default" establishSecurityContext="true" />
      </security>
    </binding>

    <endpoint address="http://[hostname]/FileTransferService.svc/FileTransfer"
        binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IFileTransferService"
        contract="Proxy.FileTransferService.IFileTransferService"
        name="WSHttpBinding_IFileTransferService">
      <identity>
        <certificate encodedValue="a long string"/>
      </identity>
    </endpoint>
The service configuration is:
    <service behaviorConfiguration="ServiceBehavior"
             name="Services.FileTransferService">
      <endpoint name="WSHttpBinding_IFileTransferService"
                binding="wsHttpBinding"
                bindingConfiguration="MtomWSHttpBinding"
                contract="Services.IFileTransferService"
                address="/FileTransfer"/>
      <endpoint binding="basicHttpBinding"
                bindingConfiguration="FileTransferServicesBinding"
                contract="Services.IFileTransferService"/>
      <host>
        <baseAddresses>
          <add baseAddress="http://[hostname]/FileTransferService.svc"/>
        </baseAddresses>
      </host>
    </service>

    <binding name="wsHttpBinding"
             maxReceivedMessageSize="2147483647"
             receiveTimeout="5"
             useDefaultWebProxy="false">
      <readerQuotas maxDepth="2147483647"
                    maxStringContentLength="2147483647"
                    maxArrayLength="2147483647"
                    maxBytesPerRead="2147483647"
                    maxNameTableCharCount="2147483647" />
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>

    <basicHttpBinding>
      <binding name="FileTransferServicesBinding"
               maxReceivedMessageSize="10067108864"
               messageEncoding="Mtom"
               transferMode="Streamed"
               useDefaultWebProxy="false">
        <security mode="None">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </basicHttpBinding>
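Note: Some clients are using BasicHttpBinding (if I have this set up correctly). In a later version of the client, which may not be fully distributed yet (this is why I have to support 2 versions), I changed the proxy to use the wsHttpBinding endpoint. I'm wondering whether this error I'm getting is specific to basicHttp, and if so, maybe I don't have these configurations set up correctly. I'm assuming that the clients getting this 403 error are using wsHttpBinding.
Here is the service code: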
    public RemoteBinaryInfo EstablishProxy(DownloadRequest request)
    {
        int packageId = request.PackageId;
        // Load the whole package into memory and hand it back as a stream.
        System.IO.MemoryStream stream = new System.IO.MemoryStream(packageRepository.GetPackageBinary(packageId));
        DisposeStreamWhenOperationIsComplete(stream, OperationContext.Current);
        RemoteBinaryInfo result = new RemoteBinaryInfo();
        result.Length = stream.Length;
        result.MemoryByteStream = stream;
        return result;
    }

    private static void DisposeStreamWhenOperationIsComplete(System.IO.MemoryStream stream, OperationContext clientContext)
    {
        // Release the stream once the operation has completed.
        clientContext.OperationCompleted += new EventHandler(delegate(object sender, EventArgs args)
        {
            if (stream != null)
                stream.Dispose();
        });
    }
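Does anyone know whether getting rid of this exception is something within my control? Are there any configuration changes that can be made to the client or service config files?
Let me know if you need any more information from me.

Best answer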
In my case, this error came from our organization's HTTP proxy server. I found that out from MessageSecurityException.InnerException.Response.Headers:

    {Mime-Version: 1.0
    X-Squid-Error: ERR_ACCESS_DENIED 0
    X-Cache: MISS <
    X-Cache-Lookup: NONE from
    Proxy-Connection: close
    Content-Length: 2165
    Content-Type: text/html
    Date: Wed, 25 Apr 2012 10:55:39 GMT
    Server: squid/3.0.STABLE25
    Via: 1.0 (squid/3.0.STABLE25)
    }
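In my case, there was also a file transfer method that transferred file chunks in a byte array of size 16384. On reducing the size to 10000, the error was resolved. This means the proxy server had some kind of size limit set.
On machines with direct Internet access, the file transfer method never failed with this error, even with an array size > 16384.
Since only some of your clients are facing this problem, perhaps they are behind a firewall/proxy server, and it is the firewall/proxy server that is actually blocking access and returning this error?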
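
The header check described in the answer above can be done in the client's catch block. This is an added example, not code from the original post; the names ForbiddenOrigin, DescribeProxy and Explain are hypothetical, and the sample headers in Main are constructed from the values quoted in the answer.

```csharp
using System;
using System.Net;
using System.ServiceModel.Security;

static class ForbiddenOrigin
{
    // Response headers that an HTTP intermediary (proxy or cache) adds.
    static readonly string[] ProxyMarkers = { "X-Squid-Error", "Via", "X-Cache", "Proxy-Connection" };

    // Returns the first piece of proxy evidence found, or null if there is none.
    public static string DescribeProxy(WebHeaderCollection headers)
    {
        foreach (string name in ProxyMarkers)
        {
            string value = headers[name];
            if (!string.IsNullOrEmpty(value))
                return name + ": " + value;
        }
        string server = headers["Server"];
        if (server != null && server.IndexOf("squid", StringComparison.OrdinalIgnoreCase) >= 0)
            return "Server: " + server;
        return null;
    }

    // Call from the catch (MessageSecurityException) block around the WCF proxy call.
    public static string Explain(MessageSecurityException ex)
    {
        var web = ex.InnerException as WebException;
        var response = web == null ? null : web.Response as HttpWebResponse;
        if (response == null || response.StatusCode != HttpStatusCode.Forbidden)
            return "not an HTTP 403";
        string proxy = DescribeProxy(response.Headers);
        return proxy == null
            ? "403 with no proxy headers found"
            : "403 issued by an intermediary (" + proxy + ")";
    }

    static void Main()
    {
        // Constructed sample: header values taken from the answer's dump.
        var headers = new WebHeaderCollection();
        headers.Add("X-Squid-Error", "ERR_ACCESS_DENIED 0");
        headers.Add("Via", "1.0 (squid/3.0.STABLE25)");
        Console.WriteLine(DescribeProxy(headers));
    }
}
```

Logging the result of Explain alongside the client's identity shows which clients sit behind a filtering proxy, which is the pattern the answer suspects when only some clients see the 403.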