使用BasicHttpBinding进行WCF自定义证书验证
[英]WCF custom certificate validation with BasicHttpBinding
问题描述
I have a WCF application hosted on IIS 6 that needs to 
我有一个需要在IIS 6上托管的WCF应用程序
- Have 2-way SSL authentication 具有双向SSL身份验证
- Validate client certificate content with some client host information 使用某些客户端主机信息验证客户端证书内容
- Validate client certificate is issued by the valid subCA. 验证客户端证书由有效的子CA颁发。
I was able to do 1) successfully. 我能够成功地做到1)。 I am trying to achieve 2) and 3) by following this - basically creating a class that inherits X509CertificateValidator and overriding the Validate method with my own validation implementation(step 2 and 3). 我想实现2)和3)按照本 -基本上创建继承X509CertificateValidator一类并覆盖验证方法,用我自己的验证实现(步骤2和3)。 I followed the MSDN instructions exactly however, it seem that the Validate method is not being called. 我完全遵循了MSDN指令,但似乎没有调用Validate方法。 I purposely throw a SecurityAccessDeniedException in the overidden Validate method and no exception is thrown when I tried to access the service via my browser. 我故意在覆盖的Validate方法中抛出SecurityAccessDeniedException,当我尝试通过浏览器访问服务时,不会抛出任何异常。 I can still access my website with any client certificate. 我仍然可以使用任何客户端证书访问我的网站。
I also read this thread but it didn't really help. 我也读过这个帖子,但它并没有真正帮助。 Any help would be greatly appreciated! 任何帮助将不胜感激!
Here's my configuration: 这是我的配置:
<system.serviceModel>
<services>
<service behaviorConfiguration="SimpleServiceBehavior"
name="SampleNameSpace.SampleClass">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="NewBinding0"
contract="SampleNameSpace.ISampleClass" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="SimpleServiceBehavior">
<serviceMetadata httpsGetEnabled="true" policyVersion="Default" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="SampleNameSpace.MyX509CertificateValidator, SampleAssembly"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="NewBinding0">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
1 个解决方案
解决方案1
0 2012-05-12 15:21:47
You can also try to override certificate validation with this ServerCertificateValidationCallback 您还可以尝试使用此ServerCertificateValidationCallback覆盖证书验证
We are using it with WCF HttpBinding in such way: 我们以这种方式将它与WCF HttpBinding一起使用:
System.Net.ServicePointManager.ServerCertificateValidationCallback =
(sender, certificate, chain, policyErrors) =>
{
var isValid = false;
// some checking logic
return isValid;
};
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.