[英]Calling WCF BasicBinding service from .Net Core 3.1
I have a WCF SOAP service on IIS that uses basicHttpBinding
and is configured to require client certificate:我在 IIS 上有一个 WCF SOAP 服务,它使用
basicHttpBinding
并配置为需要客户端证书:
<basicHttpBinding>
<binding>
<readerQuotas/>
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
I have to call that service from .Net Core 3.1 app.我必须从 .Net Core 3.1 应用程序调用该服务。 Here is what I have:
这是我所拥有的:
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
ChannelFactory<PaymentRequestService> factory = new ChannelFactory<PaymentRequestService>(binding, new EndpointAddress(new Uri(_apiOptions.Value.PaymentRequestServiceEndpoint)));
factory.Credentials.ClientCertificate.Certificate = GetClientCertificate(certBase64, certPass); // X509Certificate2
PaymentRequestService client = factory.CreateChannel();
var rx = client.SavePaymentRequestAsync(myRequest);
When I check the factory in debug I see that client credential certificate (SHA256) is there, however it looks like the client credential doesn't reach the webservice, because I keep getting The HTTP request was forbidden with client authentication scheme 'Anonymous'当我在调试中检查工厂时,我看到客户端凭据证书(SHA256)在那里,但是看起来客户端凭据没有到达网络服务,因为我不断收到HTTP 请求被禁止使用客户端身份验证方案“匿名”
It makes no difference if I use BasicHttpSecurityMode.TransportWithMessageCredential
or set the certificate using factory.Credentials.ClientCertificate.SetCertificate()
如果我使用
BasicHttpSecurityMode.TransportWithMessageCredential
或使用factory.Credentials.ClientCertificate.SetCertificate()
设置证书没有区别
Any ideas?有任何想法吗?
Turns out starting with Windows Server 2012 you need to set SendTrustedIssuerList
and ClientAuthTrustMode
registry settings in HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL原来从 Windows Server 2012 开始,您需要在 HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL 中设置
SendTrustedIssuerList
和ClientAuthTrustMode
注册表设置
https://configmgrblog.com/2014/02/23/configmgr-2012-r2-internet-facing-mp-windows-server-2012-r2-note/ https://configmgrblog.com/2014/02/23/configmgr-2012-r2-internet-looking-mp-windows-server-2012-r2-note/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.