
Client certificate authentication WCF

So I'm completely lost with certificates. I've searched all over the web for solutions and tutorials for this and found nothing that can really help me. What I'm trying to do is to have both server and client certificate validation for my WCF client-server application. The application is hosted on IIS. I want it on my dev computer (the server is localhost) and in test (where I'm the client and the server is a Windows server).

The configuration I have now is:

Client:

<behaviors>
  <endpointBehaviors>
    <!-- Referenced by behaviorConfiguration below; WCF config names are case-sensitive -->
    <behavior name="myBehaviorConfig">
      <clientCredentials>
        <!-- The client's own certificate (must have its private key available to this process) -->
        <clientCertificate findValue="CN=MyTestClientCertificate"
                            storeLocation="LocalMachine"
                            x509FindType="FindBySubjectDistinguishedName"/>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="MyBindingConfig">
      <!-- HTTPS for the channel, client certificate carried in the SOAP message -->
      <security mode="TransportWithMessageCredential">
        <transport realm=""/>
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<client>
  <endpoint address="https://localhost/Service.Calculator.svc"
            binding="wsHttpBinding"
            bindingConfiguration="MyBindingConfig"
            behaviorConfiguration="myBehaviorConfig"
            contract="Service.ICalculator"
            name="ICalculatorServiceEndpoint">
    <identity>
      <servicePrincipalName value="host"/>
    </identity>
  </endpoint>
</client>

Server:

<behaviors>
  <serviceBehaviors>
    <behavior name="myBehavior">
      <serviceCredentials>
        <!-- Certificate the service uses for message security; needs its private key on the server -->
        <serviceCertificate findValue="CN=MyTestRootCA"
                            storeLocation="LocalMachine"
                            x509FindType="FindBySubjectDistinguishedName"/>
        <userNameAuthentication userNamePasswordValidationMode="Windows"/>
        <!-- How incoming client certificates are validated -->
        <clientCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust"/>
        </clientCertificate>
      </serviceCredentials>
      <serviceMetadata httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <unity operationContextEnabled="true"
             instanceContextEnabled="true"
             contextChannelEnabled="true"
             serviceHostBaseEnabled="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="MyBinding">
      <security mode="TransportWithMessageCredential">
        <transport realm=""/>
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<services>
  <service name="Service.Calculator"
           behaviorConfiguration="myBehavior">
    <endpoint address=""
              binding="wsHttpBinding"
              bindingConfiguration="MyBinding"
              contract="Service.ICalculator" />
    <endpoint address="mex"
              binding="mexHttpsBinding"
              contract="IMetadataExchange"
              name="CalculatorServiceMex" />
  </service>
</services>

"CN=MyTestRootCA" is the "Authority", the creating certificate, and I put it in the Trusted Root Certification Authorities store on the local computer as well as in the Personal store on the local computer. It is the issuer of the client certificate "CN=MyTestClientCertificate".

A few things:

I know that the client certificate should be in the CurrentUser store in the MMC, but when it's there I get an exception that the app can't find the certificate. I tried locating it by "FindBySubjectDistinguishedName" and with "FindByThumbprint"; both times it was the same exception, "Can't find certificate with the given criteria ...", so I put it in LocalMachine and it's fine. Does anyone have an idea why it didn't work?

I had lots of problems and exceptions with this =\ The current one is: "The private key is not presented in the X.509 certificate". Is anybody familiar with this exception and knows how to fix it?

Thanks a lot for your answers; I've been sitting on this for a few days now.
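The "can't find certificate" lookup described in the question can be reproduced outside WCF. The script below is an added example, not code from the original post: it runs the same X509Store / X509FindType search WCF performs, against both CurrentUser and LocalMachine, and reports where a findValue actually resolves and whether the match carries a private key. Two things it makes visible: the CurrentUser store belongs to the account the process runs as (an IIS application pool identity does not see the logged-on developer's CurrentUser store), and FindBySubjectDistinguishedName matches the whole subject DN exactly, while a thumbprint copied from the MMC often carries spaces or a hidden mark that WCF does not strip. The findValues are the ones from the question; the store names are assumptions for illustration.

```powershell
# Added example (not from the original post): replicate WCF's certificate lookup
# (X509Store + X509FindType) in both store locations to see where a findValue resolves.

function Find-WcfCertificate {
    param(
        [Parameter(Mandatory)] [string] $FindValue,
        [System.Security.Cryptography.X509Certificates.X509FindType] $FindType = 'FindBySubjectDistinguishedName',
        [System.Security.Cryptography.X509Certificates.StoreName]    $StoreName = 'My'
    )

    if ($FindType -eq 'FindByThumbprint') {
        # Thumbprints pasted from the MMC frequently contain spaces or a leading U+200E mark.
        # WCF compares the raw string, so such a value never matches; normalise and warn.
        $clean = ($FindValue -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        if ($clean -ne $FindValue) {
            Write-Warning "findValue contained non-hex characters; use '$clean' in the config"
        }
        $FindValue = $clean
    }

    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $location)
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        try {
            # validOnly = $false: report expired or untrusted matches too, so a "found but
            # invalid" certificate is not mistaken for "not found".
            $found = $store.Certificates.Find($FindType, $FindValue, $false)
            foreach ($c in $found) {
                [pscustomobject]@{
                    StoreLocation = $location
                    StoreName     = $StoreName
                    Subject       = $c.Subject      # FindBySubjectDistinguishedName matches this whole string
                    Thumbprint    = $c.Thumbprint
                    HasPrivateKey = $c.HasPrivateKey
                    Issuer        = $c.Issuer
                    NotAfter      = $c.NotAfter
                }
            }
        }
        finally {
            $store.Close()
        }
    }
}

# The CurrentUser store searched above belongs to this account, not to whoever is logged on.
"Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# Client certificate and issuing CA from the question's config (store names assumed).
Find-WcfCertificate -FindValue 'CN=MyTestClientCertificate' | Format-Table -AutoSize
Find-WcfCertificate -FindValue 'CN=MyTestRootCA' -StoreName Root | Format-Table -AutoSize
```

Run it under the same account as the WCF process (for an IIS-hosted side, that is the application pool identity) and an empty result for CurrentUser with a hit in LocalMachine is the usual explanation for the behaviour in the question. A match whose HasPrivateKey column is False is the precursor of the "private key is not presented" error.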

Your configuration file does not specify the clientCertificate storeLocation value, therefore the client certificate needs to be in the LocalMachine store, which is the default value for storeLocation.

Consider the following example from MSDN which sets the client certificate store location:

<clientCertificate>
   <certificate 
         findValue="www.cohowinery.com" 
         storeLocation="CurrentUser" 
         storeName="TrustedPeople"
         x509FindType="FindByIssuerName" />
   <authentication …

Note: the other error, "The private key is not presented in the X.509 certificate", is most likely thrown because your certificate does not have an associated private key or your process' user context does not have permission to access the private key.
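The two causes named in the answer (no private key attached, or the process identity lacking access to it) can be checked and, for the second one, fixed from an elevated PowerShell prompt. The script below is an added example, not code from the original answer or from WCF; it is limited to the LocalMachine\My store, where WCF looks by default and where both certificates in the question live. The subject DN comes from the question; the application pool identity and the key-file folders are assumptions (the folders are the standard locations for machine-scoped CNG and legacy CSP keys on Windows, but are not verified by the page). Use the subject of whichever certificate the failing process presents: the clientCertificate on the client, the serviceCertificate on the server.

```powershell
# Added example (not from the original post or answer). Saves as Grant-CertKeyAccess.ps1;
# run elevated. Checks that a LocalMachine\My certificate has a private key and grants the
# process identity read access to the key file.
param(
    [string]$Subject   = 'CN=MyTestClientCertificate',  # subject DN from the question
    [string]$Principal = 'IIS AppPool\DefaultAppPool'   # assumed identity of the WCF process
)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My" }

"Thumbprint    : $($cert.Thumbprint)"
"HasPrivateKey : $($cert.HasPrivateKey)"

if (-not $cert.HasPrivateKey) {
    # Cause 1 from the answer: the public part was imported (a .cer instead of the .pfx),
    # or the link to the key container was lost. certutil can relink an existing container;
    # otherwise re-import the PFX that contains the key.
    "No private key attached. Re-import the PFX, or try: certutil -repairstore My $($cert.Thumbprint)"
    return
}

# Cause 2: locate the on-disk key file so the process identity can be given read access.
# CNG (Key Storage Provider) keys and legacy CSP keys are stored in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyFile = $null
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    # assumed standard location for machine-scoped CNG keys
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
}
elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    # assumed standard location for machine-scoped CSP keys
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
}
if (-not $keyFile -or -not (Test-Path $keyFile)) {
    throw "Could not locate the key file for $($cert.Thumbprint); the key may use another provider or be hardware-backed"
}

# Read is sufficient for signing and decryption; do not grant FullControl to a service identity.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Principal, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

"Granted Read on $keyFile to $Principal"
(Get-Acl -Path $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The same grant can be made interactively through the MMC (Certificates snap-in, All Tasks, Manage Private Keys), which is what the script automates. For a certificate in a CurrentUser store the key files live under the owning user's profile instead, and the access problem then usually means the WCF process is simply running as a different account.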
