[英]Wcf custom certificate validation doesn't validate
I'm trying to find an error in my wcf configuration, but I can't find where is problem. 我正在尝试在wcf配置中找到错误,但找不到问题所在。 Propably I need couple more eyes;
大概我需要多一些眼睛; anyway I want to use custom certification validation in wcf.
无论如何,我想在wcf中使用自定义证书验证。 I seted break point in my CertificateValidator class but this break point didn't catch any request, but application is running and I can send requests (without certificate).
我在CertificateValidator类中设置了断点,但是此断点未捕获任何请求,但是应用程序正在运行,并且可以发送请求(不使用证书)。
Here is my configuration 这是我的配置
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="104857600">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AccountService" behaviorConfiguration="">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="" contract="IAccountService"></endpoint>
</service>
<service name="PortalService" behaviorConfiguration="">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="" contract="IPortalService"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="Services.Validators.CertificateValidator, Services" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Are you using NET 4, or 4.5? 您使用的是NET 4还是4.5?
Things I think you missed: 我认为您错过的事情:
basicHttpBinding
needs to use <security mode="Message">
(currently you aren't specifying it, which means default of "None"
) basicHttpBinding
需要使用<security mode="Message">
(当前您未指定它,这意味着默认为"None"
) basicHttpBinding
needs a name=
so it can be referenced basicHttpBinding
需要一个name=
以便可以被引用 basicHttpBinding
by using bindingConfiguration=
bindingConfiguration=
引用自定义basicHttpBinding
name=
so it can be referenced name=
以便可以引用 behaviorConfiguration=
behaviorConfiguration=
来引用自定义服务行为 <serviceCertificate>
in <serviceCredentials>
which is used in the protocol to establish a secure channel with clients <serviceCertificate>
在<serviceCredentials>
这是在协议用于建立与客户端的安全通道 '<serviceCertificate>'
in <clientCredentials>
so that it can establish a secure channel with the server <clientCredentials>
的'<serviceCertificate>'
,以便它可以与服务器建立安全通道 <clientCertificate>
in <clientCredentials>
in the .config, or programmatically) <clientCredentials>
中的<clientCertificate>
中指定,或通过编程方式) Note: you should have created at least 2 certificates - 1 used for the identity of the Server - 1 or more used by clients for credentials (depends if you decide all clients should present the same certificate, or if you assign unique ones for each one) - DO NOT use the same certificate for Server identify and Client credentials 注意:您应该至少创建了2个证书-1个用于服务器的身份-1个或更多由客户端用于凭据(取决于您是否决定所有客户端都应提供相同的证书,或者是否为每个客户端分配唯一的证书) )-请勿对服务器标识和客户端凭据使用同一证书
Some links to help understand "message level security": 一些链接可帮助您了解“消息级别的安全性”:
Consider using "Transport" level security if your message exchange is too slow for you. 如果您的消息交换对您来说太慢,请考虑使用“传输”级别的安全性。
Try this: 尝试这个:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="securebasicHttpBinding" maxReceivedMessageSize="104857600">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="secureBehaviour" name="AccountService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="securebasicHttpBinding"
contract="IAccountService" />
</service>
<service behaviorConfiguration="secureBehaviour" name="PortalService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="securebasicHttpBinding"
contract="IPortalService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="secureBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate ...something goes here... />
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="Services.Validators.CertificateValidator, Services" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.