
wcf UserNamePasswordValidator class and client certificate

I have used a custom UserNamePassword Validator in WCF for the security implementation. For this I have created a self-signed certificate. While trying to consume the web service I got the following error: "Could not establish trust relationship for the SSL/TLS secure channel with authority". After googling around for a while I found that the certificate needs to be installed on the client. So my questions are

1) Is it always required to install the certificate on the client, even if we use a trusted third party?
2) Is it possible to implement UserNamePassword without any certificate?

Question 1

No it is not required.

On the server side you should add a behavior like this:

<behavior name="SecureBehavior">
  <serviceMetadata httpGetEnabled="true" />  
  <serviceCredentials>
    <!-- 
    The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.                  
    -->
    <userNameAuthentication userNamePasswordValidationMode="Custom"
                            customUserNamePasswordValidatorType="[Your.Custom.WCFUserValidator], [AssemblyName]"/>
    <!-- 
    The serviceCredentials behavior allows one to define a service certificate.
    A service certificate is used by a client to authenticate the service and provide message protection.
    This configuration references the "localhost" certificate installed during the setup instructions.
    -->
    <serviceCertificate findValue="[certificateName]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
  </serviceCredentials>
</behavior>

Then add the behavior to the server endpoint:

<service name="[serviceName]" behaviorConfiguration="SecureBehavior">
  <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsSecureConfig"
            contract="[ContractName]" />
  <endpoint address="/MEX" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>

On the client side you can set the public portion of the service's certificate in the config file, something like this:

<endpoint address="http://..."
          binding="wsHttpBinding"
          contract="..."
          name="serviceName">
  <identity>
    <certificate encodedValue="[Encoded Value]" />
  </identity>
</endpoint>

The easy way to get the client configuration is by adding a service reference to your service in your client project through Visual Studio (Add Service Reference context menu). This will add a config file with a client endpoint ready to use.

[Screenshot: Add Service Reference]

Question 2

If you use Custom Authentication, the client credential type must be set to UserName. This enables the user name and password to be submitted to the service to perform authentication. And yes, you must use a certificate.
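As an added illustration (not part of the answer above), here is the code side of the same setup: a custom UserNamePasswordValidator of the kind referenced by customUserNamePasswordValidatorType, plus a host that applies the Custom validation mode, the UserName message credential the wsSecureConfig binding needs, and the service certificate lookup from the XML. DemoUserValidator, CredentialStore, SecureHostFactory, the demo user and the salt are all hypothetical, constructed for this example.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
// Hypothetical validator: the type you would name in customUserNamePasswordValidatorType.
public class DemoUserValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        // One generic failure message: the fault must not reveal which part was wrong.
        if (!CredentialStore.Verify(userName ?? "", password ?? ""))
            throw new SecurityTokenException("Unknown username or incorrect password.");
    }
}
// Constructed stand-in store (one demo user, PBKDF2 hash); a real service queries a directory or database.
static class CredentialStore
{
    static readonly byte[] Salt = { 0x64, 0x65, 0x6d, 0x6f, 0x2d, 0x73, 0x61, 0x6c, 0x74 }; // constructed "demo-salt"
    static byte[] Derive(string pw) => new Rfc2898DeriveBytes(pw, Salt, 100000).GetBytes(32);
    static readonly byte[] AliceHash = Derive("correct horse battery staple"); // demo user "alice"
    public static bool Verify(string user, string pw)
    {
        if (user != "alice") return false;
        byte[] probe = Derive(pw); int diff = 0;
        for (int i = 0; i < AliceHash.Length; i++) diff |= AliceHash[i] ^ probe[i]; // constant-time compare
        return diff == 0;
    }
}
// Programmatic equivalent of <serviceCredentials> plus the wsSecureConfig binding the answer references:
// message security with UserName client credentials and the service certificate from the LocalMachine store.
public static class SecureHostFactory
{
    public static ServiceHost Create<TService, TContract>(Uri baseAddress, string certSubjectName)
    {
        var host = new ServiceHost(typeof(TService), baseAddress);
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        host.AddServiceEndpoint(typeof(TContract), binding, "");
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new DemoUserValidator();
        // Same lookup as findValue / storeLocation / storeName / x509FindType in the XML.
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, certSubjectName);
        return host;
    }
}
```

The client still needs the service certificate's public portion (the encodedValue in its identity element) or a chain to a CA it trusts, which is why the answer says a certificate is required even with a custom validator.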
