WCF服务：调用者未通过服务进行身份验证

Edit: Issue discovered, problem not solved.

编辑：发现问题，问题未解决。

I'm currently writing a WCF service library to access a Dynamics CRM 2011 server to gather a list of the visible organizations.

我目前正在编写一个WCF服务库来访问Dynamics CRM 2011服务器以收集可见组织的列表。

The code works well locally, however when accessing the service in a console application, I recieve the following error:

代码在本地运行良好，但是当在控制台应用程序中访问服务时，我收到以下错误：

System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpantimeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
   at DHDServ.DHDServ.GetData(String serverName)
Press any key to continue . . .

I am using active directory/Windows authentication and blocking anonymous users (the service is hosted on Windows Server 2008, but will be accessed by other machines). Due to inexperience, the web.config file is still quite barebones (from the Visual Studio 2010 template).

我正在使用活动目录/ Windows身份验证和阻止匿名用户（该服务托管在Windows Server 2008上，但将由其他计算机访问）。由于经验不足，web.config文件仍然非常准确（来自Visual Studio 2010模板）。

Any help would be greatly appreciated. If you require more information, please ask and I'll reply as soon as possible.

任何帮助将不胜感激。如果您需要更多信息，请询问，我会尽快回复。

Thanks, Jason

谢谢你，杰森

2 个解决方案

#1

Ensure that the windows user you are running the command line as, is an active user AND has at least one role within CRM. Also make sure you have the WIF installed.

确保您正在运行命令行的Windows用户是活动用户，并且在CRM中至少有一个角色。还要确保安装了WIF。

#2

It appears to be a problem with our server connections.

它似乎是我们的服务器连接的问题。

Due to the way in which our servers are set-up, it doesn't handle a 'double hop' very well - leading to a Kerberos authentication error.

由于我们的服务器的设置方式，它不能很好地处理'双跳' - 导致Kerberos身份验证错误。

We have yet to solve this error, however this post is just to let you know the problem is resolved.

我们还没有解决这个错误，但是这篇文章只是为了让你知道问题已经解决了。

Thanks to all who helped :)

感谢所有帮助过的人:)

#1