
Generating WCF proxy against untrusted SSL endpoint



I need to generate a WCF proxy for a service exposed by our client. The service is locked down pretty tightly, so this is proving difficult. Also, I'm new to WCF, so I may be missing something obvious...

The client has only opened up their firewall to our production server - so I can't generate the proxy from Visual Studio on my dev machine. Also, the service is only exposed over HTTPS. And it requires us to authenticate using a client certificate...

I was hoping to run svcutil on the production box to generate the .cs files, and then copy the files locally. But svcutil refuses to run because the client is using a self-signed certificate. It gives me the following error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

I tried adding the service's certificate as a trusted root certificate, but that doesn't work. In the certificates MMC snap-in, I get "Windows does not have enough information to verify the certificate".

Is there some way to bypass the security check that svcutil is performing?

I can browse to the WSDL successfully from IE, when I'm remoted in to the production server. I just have to click "continue to this website (not recommended)". I also have to select the installed client cert, which works fine. I can then download the WSDL and XSD files manually through IE. So another alternative might be to generate the WCF proxy from local copies of the WSDL and XSD, instead of running svcutil against the live service. But I don't know how to do that properly.

I tried putting the static WSDL and XSD files up on another website that we host, and changing the <xs:import schemaLocation="..."/> attributes to point to the new site. But when I ran svcutil against this site, I got a bunch of errors about duplicate type declarations - e.g.:

Error: There was a validation error on a schema generated during export: Source: Line: 1 Column: 1415 Validation Error: The complexType ' http://[domain-name]/Promotions/2009-02-17:InsertReferralPromo_Response ' has already been declared.


Am I missing some obvious way to do this? Or should we just demand that the client loosen up their security? :)

Thanks for any help you can give me...
Richard

Your problem doesn't seem to have anything to do with security. There seems to be a problem with the WSDL and schemas that you downloaded.

One suggestion would be to put all the files in a directory on disk instead of on a web site. If necessary, remove the schemaLocation attributes.

However, it doesn't seem like that would help. You might try validating these files with XMLSpy.
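
One way to find which of the downloaded files declare the same schema component twice, which is what the "has already been declared" error reports. This is an added example, not part of the original question or answers; the file names and the example.invalid namespace are constructed, and the idea that the duplicate comes from a schema that is both embedded in the WSDL and saved as a separate XSD is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XS = "{http://www.w3.org/2001/XMLSchema}"
KINDS = ("complexType", "simpleType", "element")

def find_duplicate_declarations(files):
    """files maps a file name to its XML text (WSDL or XSD).
    Returns {(namespace, kind, name): [file names]} for every top-level
    schema component declared more than once in the same namespace."""
    seen = defaultdict(list)
    for fname, text in files.items():
        root = ET.fromstring(text)
        # A WSDL can embed <xs:schema> under <wsdl:types>; an XSD is one itself.
        for schema in root.iter(XS + "schema"):
            ns = schema.get("targetNamespace", "")
            for child in schema:
                kind = child.tag[len(XS):] if child.tag.startswith(XS) else None
                if kind in KINDS and child.get("name"):
                    seen[(ns, kind, child.get("name"))].append(fname)
    return {key: srcs for key, srcs in seen.items() if len(srcs) > 1}

# Constructed sample files; the namespace is a placeholder, not the client's.
NS = "http://example.invalid/Promotions/2009-02-17"
SAMPLE = {
    "service.wsdl": f"""<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <wsdl:types>
        <xs:schema targetNamespace="{NS}">
          <xs:complexType name="InsertReferralPromo_Response"/>
        </xs:schema>
      </wsdl:types>
    </wsdl:definitions>""",
    "promotions.xsd": f"""<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
        targetNamespace="{NS}">
      <xs:complexType name="InsertReferralPromo_Response"/>
      <xs:complexType name="InsertReferralPromo_Request"/>
    </xs:schema>""",
}

if __name__ == "__main__":
    for (ns, kind, name), srcs in find_duplicate_declarations(SAMPLE).items():
        print(f"{kind} {{{ns}}}{name} declared in: {', '.join(srcs)}")
```

To check real downloads, read each saved .wsdl and .xsd file into the dictionary in place of the sample.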

When you browse to the WSDL, click on the certificate, view certificate, then install certificate.

Then try running the svcutil again.
