The HTTP request was forbidden with client authentication scheme 'Anonymous'.
I am implementing a mutual handshake over HTTPS using WCF, and I receive an error: "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
Service code:

    var binding = new BasicHttpBinding()
    {
        Security =
        {
            Mode = BasicHttpSecurityMode.Transport,
            Transport = { ClientCredentialType = HttpClientCredentialType.Certificate },
        },
    };
    var sh = new ServiceHost(typeof(EchoService), new Uri("https://localhost:9876"));
    //sh.Description.Behaviors.Add(new ServiceMetadataBehavior());
    //sh.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");
    sh.AddServiceEndpoint(typeof(IEchoService), binding, "");
    sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    sh.Open();

Client code:

    var binding = new BasicHttpBinding()
    {
        Security =
        {
            Mode = BasicHttpSecurityMode.Transport,
            Transport = { ClientCredentialType = HttpClientCredentialType.Certificate },
        },
    };
    var sslClientFactory = new ChannelFactory<IEchoService>(binding, "https://localhost:9876");
    sslClientFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    var sslClient = sslClientFactory.CreateChannel();
    var response = sslClient.Echo("Https Echo");

I have assigned this certificate to the port using httpcfg.
If I change the binding from BasicHttpBinding to NetTcpBinding it works fine.
If I run two instances of my service (in one process), one which uses NetTcpBinding and a second one which uses BasicHttpBinding, and consume them from a net tcp client and an https client, both work fine (the clients use the same certificate).
What causes that, if I run only my https client, I get "The HTTP request was forbidden with client authentication scheme 'Anonymous'."?
I have noticed that I have a lot of doubled certs (pairs of two identical certs with the same thumbprint) in the store (I don't know how I put them there like that), and I think that this was a problem. Maybe when certs are doubled in the store, the server sends to the client only those issuers from not doubled certs?
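
A read-only check for the doubled certificates mentioned in the question, as an added example that is not part of the original post: it lists every thumbprint that occurs more than once within a store, with subject, issuer and private-key presence for each copy. The class name and the choice of stores to scan (My, Root and CertificateAuthority under LocalMachine and CurrentUser) are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class CertStoreCheck // hypothetical helper, not from the original post
{
    // Prints every thumbprint that appears more than once in one store.
    // Returns the number of duplicated thumbprints found.
    static int ReportDuplicates(StoreName name, StoreLocation location)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly); // read-only: nothing is added or removed
        try
        {
            var groups = store.Certificates.Cast<X509Certificate2>()
                .GroupBy(c => c.Thumbprint, StringComparer.OrdinalIgnoreCase)
                .Where(g => g.Count() > 1)
                .ToList();

            foreach (var g in groups)
            {
                Console.WriteLine("{0}\\{1}: thumbprint {2} appears {3} times",
                    location, name, g.Key, g.Count());
                foreach (var c in g)
                    Console.WriteLine("  subject={0} issuer={1} hasPrivateKey={2}",
                        c.Subject, c.Issuer, c.HasPrivateKey);
            }
            return groups.Count;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        // Assumed scan set: personal certificates plus the issuer stores.
        var names = new[] { StoreName.My, StoreName.Root, StoreName.CertificateAuthority };
        var locations = new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser };

        int total = 0;
        foreach (var loc in locations)
            foreach (var n in names)
                total += ReportDuplicates(n, loc);

        Console.WriteLine("Duplicated thumbprints found: {0}", total);
    }
}
```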