WCF自定义证书验证不验证
[英]Wcf custom certificate validation doesn't validate
问题描述
I'm trying to find an error in my wcf configuration, but I can't find where is problem. 
我正在尝试在wcf配置中找到错误,但找不到问题所在。 Propably I need couple more eyes; 大概我需要多一些眼睛; anyway I want to use custom certification validation in wcf. 无论如何,我想在wcf中使用自定义证书验证。 I seted break point in my CertificateValidator class but this break point didn't catch any request, but application is running and I can send requests (without certificate). 我在CertificateValidator类中设置了断点,但是此断点未捕获任何请求,但是应用程序正在运行,并且可以发送请求(不使用证书)。
Here is my configuration 这是我的配置
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="104857600">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AccountService" behaviorConfiguration="">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="" contract="IAccountService"></endpoint>
</service>
<service name="PortalService" behaviorConfiguration="">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="" contract="IPortalService"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="Services.Validators.CertificateValidator, Services" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
1 个解决方案
解决方案1
0 已采纳 2015-03-24 12:59:56
Are you using NET 4, or 4.5? 您使用的是NET 4还是4.5?
Things I think you missed: 我认为您错过的事情:
- your custom
basicHttpBindingneeds to use<security mode="Message">(currently you aren't specifying it, which means default of"None")您的自定义basicHttpBinding需要使用<security mode="Message">(当前您未指定它,这意味着默认为"None") - your custom
basicHttpBindingneeds aname=so it can be referenced您的自定义basicHttpBinding需要一个name=以便可以被引用 - your endpoints need to reference the custom
basicHttpBindingby usingbindingConfiguration=您的端点需要通过使用bindingConfiguration=引用自定义basicHttpBinding - your custom service behavior needs a
name=so it can be referenced您的自定义服务行为需要name=以便可以引用 - your service needs to reference the custom service behaviour by using
behaviorConfiguration=您的服务需要使用behaviorConfiguration=来引用自定义服务行为 - your service needs to specify a
<serviceCertificate>in<serviceCredentials>which is used in the protocol to establish a secure channel with clients您的服务需要指定一个<serviceCertificate>在<serviceCredentials>这是在协议用于建立与客户端的安全通道 - your client needs to know the
'<serviceCertificate>'in<clientCredentials>so that it can establish a secure channel with the server您的客户端需要知道<clientCredentials>的'<serviceCertificate>',以便它可以与服务器建立安全通道 - your client needs to attach the certificate being used for credential to the request(s) being sent to the server (either by specifying in it
<clientCertificate>in<clientCredentials>in the .config, or programmatically)您的客户端需要将用于证书的证书附加到发送到服务器的请求上(通过在.config中的<clientCredentials>中的<clientCertificate>中指定,或通过编程方式) - make sure you have your certificates created and installed properly 确保您已正确创建和安装证书
Note: you should have created at least 2 certificates - 1 used for the identity of the Server - 1 or more used by clients for credentials (depends if you decide all clients should present the same certificate, or if you assign unique ones for each one) - DO NOT use the same certificate for Server identify and Client credentials 注意:您应该至少创建了2个证书-1个用于服务器的身份-1个或更多由客户端用于凭据(取决于您是否决定所有客户端都应提供相同的证书,或者是否为每个客户端分配唯一的证书) )-请勿对服务器标识和客户端凭据使用同一证书
Some links to help understand "message level security": 一些链接可帮助您了解“消息级别的安全性”:
- http://dotnetmentors.com/wcf/wcf-message-level-security-by-example.aspx http://dotnetmentors.com/wcf/wcf-message-level-security-by-example.aspx
- http://shaunrostami.blogspot.co.uk/2012/02/there-are-situation-where-you-cant-use.html http://shaunrostami.blogspot.co.uk/2012/02/there-are-situation-where-you-cant-use.html
- https://msdn.microsoft.com/en-us/library/ms733098%28v=vs.110%29.aspx https://msdn.microsoft.com/zh-CN/library/ms733098%28v=vs.110%29.aspx
Consider using "Transport" level security if your message exchange is too slow for you. 如果您的消息交换对您来说太慢,请考虑使用“传输”级别的安全性。
Try this: 尝试这个:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="securebasicHttpBinding" maxReceivedMessageSize="104857600">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="secureBehaviour" name="AccountService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="securebasicHttpBinding"
contract="IAccountService" />
</service>
<service behaviorConfiguration="secureBehaviour" name="PortalService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="securebasicHttpBinding"
contract="IPortalService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="secureBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate ...something goes here... />
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="Services.Validators.CertificateValidator, Services" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.