
How can I create a client on an Azure website to an endpoint using an uploaded certificate for authentication?

I have a WCF service running on a server, and I created a self-signed certificate and my service references it as follows:

<behaviors>
  <serviceBehaviors>
    <behavior name="KeypadBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <serviceCertificate findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

My ASP.NET web application needs to create a client for the Admin endpoint:

    <client>
        <endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Client"
          binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad"
          contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
        <endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Admin" binding="wsHttpBinding"
          bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged"
          name="WSHttpBinding_IKeypadPrivilleged">
            <identity>
                <certificate encodedValue="a very long unique string" />
            </identity>
        </endpoint>
    </client>

On the VM, I can create and use an Admin endpoint client.

I'm trying to migrate my application to an Azure WebApp. I uploaded the same certificate on the portal. The WCF service wouldn't start, and it took some fiddling around before I tried setting the location and store values:

      <serviceCredentials>
        <serviceCertificate storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName" />
      </serviceCredentials>

The service now shows its "welcome page". The problem I'm having now is that no matter what I try for the client configuration (see attempts A, B, C, D), any attempt to create a client throws an RTE.

<client>
    <endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Client" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad" contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
    <endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Admin" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged" name="WSHttpBinding_IKeypadPrivilleged">
        <identity>

            <!-- Option A -->
            <!--<certificate encodedValue="a very long unique string" />-->

            <!-- Option B -->
            <!--<certificate encodedValue="a very long unique string" />
            <certificateReference
                findValue="SELFHOSTTESTCert"
                storeLocation="CurrentUser"
                storeName="My"
                x509FindType="FindBySubjectName"/>-->

            <!-- Option C -->
            <!--<certificateReference findValue="my thumbprint" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>-->

            <!-- Option D -->
            <!--<certificateReference storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>-->

        </identity>
    </endpoint>
</client>

How can I create a client on an Azure website to an endpoint using an uploaded certificate?

Stack trace:

    Server stack trace:
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
       at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
       at System.ServiceModel.Channels.ClientReliableChannelBinder`1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode)
       at System.ServiceModel.Channels.RequestReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
       at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
       at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ReliableRequestSessionChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at TTAHttp.IKeypadPrivilleged.ClearTokens(String MeetingID)
       at LaunchTeamTimeClient.Page_Load(Object sender, EventArgs e)

It seems that you need to add WEBSITE_LOAD_CERTIFICATES with the thumbprint of the certificate in the WebApp app settings. If that is the case, please try following the "Using Certificates in Azure Websites Applications" blog to add it. The following is a snippet from the blog.

Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. You can have multiple comma-separated thumbprint values or can set this value to "*" (without quotes), in which case all your certificates will be loaded to your web application's personal certificate store.
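A diagnostic for the setting described above, as an added example that is not part of the original answer or the blog: run inside the Web App, it reports whether the uploaded certificate is visible in CurrentUser\My, the store the `certificateReference` options in the question point at. The class name and the thumbprint passed in are assumptions; it targets .NET Framework, which the WCF configuration implies.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the question or the blog).
public static class LoadedCertificateCheck
{
    // Keep hex digits only: thumbprints copied from the Windows certificate
    // dialog often carry spaces or an invisible U+200E mark, and
    // FindByThumbprint then silently returns nothing.
    public static string NormalizeThumbprint(string raw)
    {
        char[] hex = (raw ?? string.Empty).Where(c => Uri.IsHexDigit(c)).ToArray();
        return new string(hex).ToUpperInvariant();
    }

    // Returns the certificate from CurrentUser\My, or null if it was not loaded.
    public static X509Certificate2 Find(string rawThumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed certificate does not
            // chain to a trusted root and would otherwise be filtered out.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindByThumbprint,
                NormalizeThumbprint(rawThumbprint), false);
            return hits.Count > 0 ? hits[0] : null;
        }
        finally
        {
            store.Close();
        }
    }

    // One-line report suitable for a temporary diagnostics page or log entry.
    public static string Describe(string rawThumbprint)
    {
        // App settings are exposed to the app process as environment variables.
        string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
        X509Certificate2 cert = Find(rawThumbprint);
        if (cert == null)
            return "Not in CurrentUser\\My; WEBSITE_LOAD_CERTIFICATES=" + (setting ?? "(unset)");
        return string.Format("{0} | private key: {1} | expires: {2:u}",
            cert.Subject, cert.HasPrivateKey, cert.NotAfter);
    }
}
```

Listing the specific thumbprint in the app setting rather than `*` keeps certificates the site does not need out of its store.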
