WCF 传输安全:套接字连接被中止

Posted

技术标签:

【中文标题】WCF 传输安全:套接字连接被中止【英文标题】:WCF transport security: socket connection was aborted 【发布时间】:2015-08-17 08:40:31 【问题描述】:

我无法让运输安全发挥作用。

我有 2 个服务(A 和 B)在同一台服务器上运行。服务 A 将调用服务 B 来执行某些任务。没有任何安全措施,我可以正常交流。但是当我使用以下设置打开传输安全时:

安全模式 = 传输 TransportClientCredentialType = Windows ProtectionLevel = EncryptAndSign

服务 A 调用服务 B 时出现错误:

System.ServiceModel.CommunicationException:套接字连接已中止。这可能是由于处理您的消息时出错或远程主机超出接收超时,或者是潜在的网络资源问题引起的。本地套接字超时为“00:00:09.7810000”。 ---> System.IO.IOException: 读操作失败,见内部异常。 ---> System.ServiceModel.CommunicationException:套接字连接被中止。这可能是由于处理您的消息时出错或远程主机超出接收超时,或者是潜在的网络资源问题引起的。本地套接字超时为“00:00:09.7810000”。 ---> System.Net.Sockets.SocketException: 现有连接被远程主机强行关闭

我尝试将接收和发送超时更改为 5 分钟,但我仍然收到相同的错误,超时持续时间大致相同。唯一的区别是我需要等待 5 分钟而不是 1 分钟。

谁能提供有关原因以及如何解决此问题的见解?

附件是两个服务的配置文件:

服务A

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.5" debug="true" defaultLanguage="c#" />
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <remove scheme="net.tcp" />
      <add scheme="net.tcp" binding="netTcpBinding" bindingConfiguration="ReliableTCP" />
    </protocolMapping>
    <client/>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mexTag">
          <serviceMetadata httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="tryBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="mexTcp">
          <tcpTransport portSharingEnabled="true" />
        </binding>
      </customBinding>
      <netTcpBinding>
        <binding name="ReliableTCP" portSharingEnabled="true" sendTimeout="00:05:00" receiveTimeout="00:05:00" 
                 maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="mexTag" name="Test.Service.ServiceAImpl">
        <endpoint address="net.tcp://app-svr:10010/ServiceA/ServiceAImpl/" behaviorConfiguration="tryBehavior"
          binding="netTcpBinding" bindingConfiguration="ReliableTCP" contract="Test.Service.IServiceA" />
        <endpoint address="net.tcp://app-svr:10012/ServiceA/ServiceAImpl/mex"
          binding="customBinding" bindingConfiguration="mexTcp" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

服务B

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.5" debug="true" defaultLanguage="c#" />
  </system.web>
  <system.serviceModel>
    <client>
      <endpoint address="net.tcp://app-svr:10010/ServiceA/ServiceAImpl/"
        binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IServiceA"
        behaviorConfiguration="tryBehavior"
        contract="ServiceAReference.IServiceA" name="NetTcpBinding_IServiceA" />
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MEXGET" >
          <!-- Add the following element to your service behavior configuration. -->
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="tryBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="MexTcp">
          <tcpTransport portSharingEnabled="true" />
        </binding>
      </customBinding>
      <netTcpBinding>
        <binding name="ReliableTCP" portSharingEnabled="true">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
        <binding name="NetTcpBinding_IServiceA" receiveTimeout="00:05:00" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
          <reliableSession enabled="true" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
      <mexTcpBinding>
        <binding name="MexTcp" />
      </mexTcpBinding>
    </bindings>
    <services>
      <service name="Test.Service.ServiceBImpl" behaviorConfiguration="MEXGET" >

        <endpoint address="mex"
                  binding="customBinding"
      bindingConfiguration="MexTcp"
                  contract="IMetadataExchange" />

        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
        <endpoint
             address="net.tcp://app-svr:10010/ServiceB/ServiceBImpl"
             binding="netTcpBinding" behaviorConfiguration="tryBehavior"
             bindingConfiguration="ReliableTCP"
             contract="Test.Service.ServiceB" />

        <host>
            <baseAddresses>
              <add baseAddress="http://app-svr:10011/ServiceB/ServiceBImpl" />
              <add baseAddress="net.tcp://app-svr:10010/ServiceB/ServiceBImpl" />
            </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

【问题讨论】:

【参考方案1】:

有一个解决方案here ...你应该试试...

    在服务和客户端配置中添加了这些行为。

    <behaviors>
     <endpointBehaviors>
      <behavior name="endpointBehavior">
    <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
    </behavior>
     </endpointBehaviors>
    </behaviors>
    

    在客户端和服务器配置中将这些值更新为最大大小。

    <binding name="tcpBinding" receiveTimeout="00:15:00" sendTimeout="00:15:00"  maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
      <security mode="None">
        <transport clientCredentialType="None" protectionLevel="None" />
        <message clientCredentialType="None" />
      </security>
    </binding>
    

希望对你有帮助。

【讨论】:

感谢您的回复,但上述解决方案对我不起作用。【参考方案2】:

我遇到了同样的错误,它是由服务凭据错误或丢失引起的。由于您使用的是 tcp 绑定,因此首先创建绑定并正确设置安全性:

NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport)
        
            CloseTimeout = TimeSpan.FromSeconds(timeoutInSeconds),
            OpenTimeout = TimeSpan.FromSeconds(timeoutInSeconds),
            SendTimeout = TimeSpan.FromSeconds(timeoutInSeconds),
            ReceiveTimeout = TimeSpan.FromSeconds(timeoutInSeconds)
        ;

        binding.Security.Transport.ClientCredentialType = 
TcpClientCredentialType.Windows;
        binding.MaxReceivedMessageSize = int.MaxValue;
        binding.MaxBufferSize = int.MaxValue;
        binding.MaxBufferPoolSize = int.MaxValue;

请务必在创建客户端后设置好用户名和密码:

var serviceClient = new MyServiceClient(binding, endpointYouDefine);
serviceClient.ClientCredentials.Windows.ClientCredential = new NetworkCredential("usernameInActiveDirectory", "passwordForTheADUser", "yourdomain.com");

在那之后不要对客户做任何其他事情。我见过一些奇怪的行为,例如在分配凭据后以编程方式设置读取器配额,然后凭据被清除。

【讨论】:

【参考方案3】:

我设法通过在托管 net.tcp Web 服务的服务器中执行以下操作来解决此问题:

    从 services.msc 重新启动 NET TCP 端口共享服务 以管理员身份打开命令提示符并运行 IIS 重置

【讨论】:

【参考方案4】:

我为此创建了扩展方法。 一种用于 NetTcpBinding,另一种用于 NetNamedPipeBinding。当然只能用于内部服务。计时也是如此,当夜间不使用默认服务时,它会在早上第一次调用时失败。

    public static void ActivateMaxValues(this NetTcpBinding b)
    
        b.OpenTimeout = TimeSpan.FromHours(10);
        b.CloseTimeout = TimeSpan.FromMinutes(10);
        b.ReceiveTimeout = TimeSpan.FromHours(10);
        b.SendTimeout = TimeSpan.FromHours(10);

        b.MaxBufferSize = int.MaxValue;
        b.MaxReceivedMessageSize = int.MaxValue;

        b.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        
            MaxArrayLength = int.MaxValue,
            MaxBytesPerRead = int.MaxValue,
            MaxDepth = int.MaxValue,
            MaxNameTableCharCount = int.MaxValue,
            MaxStringContentLength = int.MaxValue
        ;
    

    public static void ActivateMaxValues(this NetNamedPipeBinding b)
    
        b.TransactionFlow = true;

        b.OpenTimeout = TimeSpan.FromHours(1);
        b.CloseTimeout = TimeSpan.FromMinutes(10);
        b.ReceiveTimeout = TimeSpan.FromHours(1);
        b.SendTimeout = TimeSpan.FromHours(1);

        b.MaxBufferSize = int.MaxValue;
        b.MaxReceivedMessageSize = int.MaxValue;

        b.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        
            MaxArrayLength = int.MaxValue,
            MaxBytesPerRead = int.MaxValue,
            MaxDepth = int.MaxValue,
            MaxNameTableCharCount = int.MaxValue,
            MaxStringContentLength = int.MaxValue
        ;
    

【讨论】:

以上是关于WCF 传输安全:套接字连接被中止的主要内容,如果未能解决你的问题,请参考以下文章

套接字连接被中止 - CommunicationException

(初学者)C#/WCF:套接字连接中止

WCF over net.tcp 与安全模式 none 给出异常

工作组上的 WCF

带有重复 AJAX 调用的 Django 关闭套接字错误 [WinError 10053] 已建立的连接被主机中的软件中止

WCF常见问题