[英]Does the client need a certificate for username authentication in WCF
Does the client need to install a certificate, when using username athentication on a wsHttpBinding with WCF, or is this only needed on the host? 在带有WCF的wsHttpBinding上使用用户名认证时,客户端是否需要安装证书?还是仅在主机上需要? And in any case, does this certificate need to be signed by a third party or will it also work with a self signed one? 在任何情况下,此证书是否需要由第三方签名,或者也可以与自签名证书一起使用?
My understanding is that i can use a selfSigned certificate and set 我的理解是,我可以使用自签名证书并进行设置
<authentication certificateValidationMode="None" />
on the server side. 在服务器端。 Is this correct? 这个对吗?
And one more thing. 还有一件事。 Do i need to put the cert in any specific store, if i use a self signed cert, or is that all the same? 如果我使用自签名证书,是否需要将证书放在任何特定的商店中? - Answer to self: The store is of no importance as long as the right store is set in code. -自我回答:只要在代码中设置了正确的存储,存储就不重要了。
WCF will not permit username authentication without transport mode security which means that you need a certificate. 如果没有传输模式安全性,WCF将不允许用户名身份验证,这意味着您需要证书。
There two ways, as far as I known, to get a proper certificate: 据我所知,有两种方法可以获取适当的证书:
Now you should have the following files (the names are for demonstrative purposes): 现在,您应该拥有以下文件(名称用于说明目的):
Then you can do the following: 然后,您可以执行以下操作:
On the server, in the local computer certificate store: 在服务器上,在本地计算机证书存储中:
On the client, in the local computer certificate store: 在客户端上,在本地计算机证书存储中:
Finally on the configuration file of both client and service set: 最后在客户端和服务集的配置文件上:
<authentication certificateValidationMode="ChainTrust"/>
which will ensure that only certificates that can chain up to a certificate authority in the Trusted Root Store will be valid. 这将确保只有可以链接到“受信任的根存储”中的证书颁发机构的证书才有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.