我正在构建一个asp.net核心web api应用程序,它将是在Windows机器上运行的WCF服务应用程序的客户端。这是我的服务客户端类:
public class VITServicesClient : ServicesClient, IDisposable
{
static SpnEndpointIdentity spn = new SpnEndpointIdentity("BtaIntercardSPN");
static EndpointIdentity endPointIdent = (spn as EndpointIdentity);
static readonly NetTcpBinding binding;
public static string Address { get; set; }
private static AddressHeader addressHeader1 = AddressHeader.CreateAddressHeader("specialservice1", "http://localhost:8000/service", 1);
private static AddressHeader addressHeader2 = AddressHeader.CreateAddressHeader("specialservice2", "http://localhost:8000/service", 2);
private static AddressHeader[] addressHeaders = new AddressHeader[2] { addressHeader1, addressHeader2 };
static VITServicesClient()
{
binding = new NetTcpBinding(SecurityMode.Transport);
binding.Name = "NetTcpBinding";
TcpTransportSecurity transportSecurity = new TcpTransportSecurity();
transportSecurity.SslProtocols = SslProtocols.Tls12;
transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport = transportSecurity;
binding.SendTimeout = new TimeSpan(0, 3, 0);
binding.MaxReceivedMessageSize = 1024 * 1024 * 100; //100MB max message size
}
public VITServicesClient() : base (binding, new EndpointAddress(new Uri(Address+":31716/IServices"), endPointIdent, addressHeaders))
{
}
public void Dispose()
{
}
}
这是执行wcf服务方法的Web控制器:
public async Task<string> GetDocumentByCountryCode(string countryCode)
{
try
{
VITServicesClient.Address = "net.tcp://10.64.4.61";
using (var service = new VITServicesClient())
{
var result = await service.GetDocumentSamplesByCountryCodeAsync(countryCode.ToString(), 1);
return (result as DocumentSamplesData[])[0].document_code;
}
}
catch (Exception ex)
{
return "failed " + ex.Message + ex.InnerException.InnerException.Message;
}
}
当我在Windows下运行客户端应用程序没有问题,但是当我在Ubuntu 16.04上部署应用程序并运行它并且当它尝试连接到Windows机器上的WCF服务时,我得到了那个例外 - 一个调用SSPI失败,看到内部异常.GSSAPI操作失败并显示错误 - 提供了无效的状态代码(SPNEGO无法找到协商机制)
我搜索了这个问题,Windows中的kerberos身份验证肯定存在问题。可能问题出在我在我的代码中使用的配置中,或者Ubuntu中可能存在必须更改的选项。
你必须在linux上安装gss-ntlmssp来修复这个问题,使用下面的命令
sudo apt-get update && apt-get install -y --no-install-recommended gss-ntlmssp
这是我的WCF配置{“ProviderId”:“Microsoft.VisualStudio.ConnectedService.Wcf”,“Version”:“15.0.20406.879”,“ExtendedData”:{“Uri”:“net.tcp:// banana:31716 / IServices“,”Namespace“:”VITService“,”SelectedAccessLevelForGeneratedClass“:”Public“,”GenerateMessageContract“:false,”ReuseTypesinReferencedAssemblies“:true,”ReuseTypesinAllReferencedAssemblies“:true,
"CollectionTypeReference": {
"Item1": "System.Array",
"Item2": "System.Runtime.dll"
},
"DictionaryCollectionTypeReference": {
"Item1": "System.Collections.Generic.Dictionary`2",
"Item2": "System.Collections.dll"
},
"CheckedReferencedAssemblies": [],
"InstanceId": null,
"Name": "VITService",
"Metadata": {}
} }