
Consuming WCF service with self-signed certificate

When I execute the consuming application it is giving me the below exception: The requested service, 'https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc' could not be activated.

and when I try to enter this path into Chrome it says: A registration already exists for URI 'https://ws20.intra.local:53996/HistoricStatementsWS.HistoricStatements.svc'.

I don't know how to get rid of these exceptions and I have been through a lot of forums so far.

SERVER-SIDE app.config

<configuration>
<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
  </providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
    <endpoint address="HistoricStatementsWS.HistoricStatements.svc"
      binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="mexEndpoint" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="https://localhost:53996/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="behaviourHttps">
      <useRequestHeadersForMetadataAddress />
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
        httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
        policyVersion="Policy15" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

CLIENT-SIDE Web.config

<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpoint">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
    bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
    name="wsHttpEndpoint" />
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
        <serviceCertificate>
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

For anyone with the same problem: I managed to solve the issue by directing my IP 127.0.0.1 to my full domain name, computername.intra.local. I changed localhost in the server's web config to my domain name (computername.intra.local) and removed the domain prefix from httpsGetUrl, since the baseAddress is also used for this value, so https://localhost:53996/ was duplicated. Although there are still duplicate values and the config is still not accurate, at least the WSDL is accessible from the browser. The browser (on my local machine) asks for a certificate and authenticates successfully.

However, I still lack the know-how to reach the same URL from a different machine on the same network. I installed the root and client certificates as they are on my local machine and it still gives this error: 'The HTTP request was forbidden with client authentication scheme 'Anonymous'.' I was having this error on my local machine from the client side but solved it by calling the certificate programmatically. The same code on the new machine does not work.

The code is:

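// Requires: using System.ServiceModel; using System.Security.Cryptography.X509Certificates;
// HTTPS transport security with a client certificate as the credential.
WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;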
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;

var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");

I must add that no proxies are used, 'Anonymous' is switched on in IIS with user IUSR, and the root folder has full permissions for IUSR, IIS_IUSRS, Network, Network Service. I first wish to connect from the browser on the new machine, as this gives the error:

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

Your replies are much appreciated.

Justin
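
Added example, not part of the original post: a small console check that lists what the `SetCertificate` call in the code above would find on a given machine, and whether each match has a private key, permits client authentication and chains to a trusted root. The store location, find type and subject value are copied from the post; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck // hypothetical name, not from the post
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    static void Main()
    {
        // Store, find type and value copied from the post's SetCertificate call.
        Report(StoreLocation.CurrentUser, StoreName.My,
               X509FindType.FindBySubjectName, "ws12.intra.local");
    }

    static void Report(StoreLocation location, StoreName name,
                       X509FindType findType, string value)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so expired or untrusted matches are listed too.
            var matches = store.Certificates.Find(findType, value, false);
            Console.WriteLine("{0}\\{1}: {2} match(es)", location, name, matches.Count);
            foreach (X509Certificate2 cert in matches)
            {
                var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
                                         .FirstOrDefault();
                // No EKU extension means the certificate is not restricted by purpose.
                bool clientAuth = eku == null ||
                    eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid);
                var chain = new X509Chain();
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // as in the post's config
                bool trusted = chain.Build(cert);
                Console.WriteLine("  {0} serial={1}", cert.Subject, cert.SerialNumber);
                Console.WriteLine("    private key: {0}, client-auth EKU: {1}, expires: {2:u}",
                    cert.HasPrivateKey, clientAuth, cert.NotAfter);
                Console.WriteLine("    chain trusted: {0} [{1}]", trusted,
                    string.Join(", ", chain.ChainStatus.Select(s => s.Status)));
            }
        }
        finally { store.Close(); }
    }
}
```

Run it under the same Windows account as the client application, since `CurrentUser` stores are per-account.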
