
WCF with WSHttpBinding, Message Security, clientCredentialType="UserName" Certificate SelfHosted Issue

I have created a service where I need the client to pass the credentials (username and password). This behavior requires an X509 certificate, so I started, for development issues, with a self-signed one using makecert.exe.

Because I'm such a newbie with certificates, I see that this certificate was created in the IIS Server Certificates section. I need my service to be self-hosted later in a Windows service; for testing purposes I use a console host application and a simple WinForms client app.

So my question is: how do I deploy this certificate? I don't want to use IIS in any way. Can I embed the certificate, which I noticed I can export as a .pfx file, inside the console/Windows service host? And how?

I'm posting my service and client config files to help in understanding what I need.

Server Configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="B2B.WCF.Service.B2BService" behaviorConfiguration="wsBehavior">
        <endpoint name="WSHttpEndpointB2B"
                  bindingConfiguration="WSBinding"
                  address ="http://localhost:8768/ServB2B"
                  binding="wsHttpBinding"
                  contract="B2B.WCF.Contracts.IB2BContracts">
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="wsBehavior">
          <serviceMetadata httpsGetEnabled="false"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" 
                                storeLocation="LocalMachine" storeName="My" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" 
                                    customUserNamePasswordValidatorType="B2B.WCF.Service.UserValidator, B2B.WCF.Service" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

Client Configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <client>
      <endpoint name="WSHttpEndpointB2B"
                bindingConfiguration="WSBinding" behaviorConfiguration="wsBehavior"
                address ="http://localhost:8768/ServB2B"
                binding="wsHttpBinding"
                contract="B2B.WCF.Contracts.IB2BContracts">
        <identity>
          <dns value="MyServerCert"/>
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="wsBehavior">
          <clientCredentials>
            <clientCertificate findValue="MyServerCert" x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine" storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

Thanks in advance

Your certificates need to be imported into the Windows Certificate Store on the machine that is hosting your web service (i.e. "the server") and (optionally) on the machine that is using your web service (i.e. "the client", if it is a different machine).

You should use the Microsoft Management Console (MMC) to do this. First, you should set it up according to this article. Then import your certificates according to the steps in this article. Make sure you choose the correct store for the client certificate (i.e. 'Personal') and root certificate (i.e. 'Trusted Root Certification Authorities').

Your web service won't start unless it finds the correct certificates that are referenced in your configuration files. In your case, this is the "MyServerCert" certificate that you want to store in the 'Personal' store.
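
A scripted equivalent of the MMC import described in the answer, added here as an example and not part of the original question or answer. It imports the exported .pfx into LocalMachine\My and then repeats the `FindBySubjectName` lookup from the server config, so a missing, ambiguous or key-less certificate is caught before the host starts. The .pfx path is a hypothetical placeholder.

```powershell
# Added example; run in an elevated PowerShell session on the machine hosting the service.
# $pfxPath is a hypothetical path to the exported .pfx (assumption, not from the post).
$pfxPath  = 'C:\deploy\MyServerCert.pfx'
$password = Read-Host -AsSecureString -Prompt 'PFX password'

# Import certificate and private key into LocalMachine\My (the "Personal" store),
# matching storeLocation="LocalMachine" storeName="My" in the server config.
Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\LocalMachine\My `
    -Password $password | Out-Null

# Repeat the lookup that <serviceCertificate findValue="MyServerCert"
# x509FindType="FindBySubjectName" .../> performs when the host opens.
$x509  = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store" ('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    # FindBySubjectName is a case-insensitive substring match, so several
    # certificates can match one findValue. validOnly = $false keeps
    # self-signed (untrusted) certificates in the result.
    $found = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
        'MyServerCert', $false)
}
finally {
    $store.Close()
}

if ($found.Count -ne 1) {
    throw "Expected exactly one certificate matching 'MyServerCert', found $($found.Count)."
}

$cert = $found[0]
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key; the service cannot use it for message security.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Summary of the certificate the service will pick up.
$cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```

If the Windows service later runs under a non-administrator account, that account also needs read access to the certificate's private key (Manage Private Keys in the MMC Certificates snap-in).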
