
How to avoid setting DnsEndpointIdentity on client side

So basically I have an application where I have one client and two services that expose endpoints via netTcpBinding or netNamedPipe. Additionally, the whole communication between the services and the client is secured with a certificate (for now I'm using a self-trusted one).

It is working fine, but when creating the EndpointAddress instance, I also need to set a DnsEndpointIdentity with the name of the certificate that is used on the service side. So it looks like this:

new EndpointAddress(serviceUrl, new DnsEndpointIdentity("MyCertificateName"));

So my question is: Is this normal? Is there a way to avoid setting it on client side?

This is a normal phenomenon; the identity cannot be ignored, as it represents the identity of the server. A third party could impersonate the service program to make the client call it, in order to steal the client-side information. To ensure that the client does not connect to the wrong server, the hostname in the certificate (subject) must be the same as the hostname that the client provides (DNS identity). We could also use the public key of the certificate as the identity, since the public key of the certificate is public to the outside.

<identity>
    <rsa value="...."/>
</identity>

Here is a sample code to get the public key of the certificate.

using System;
using System.Security.Cryptography.X509Certificates;

static void PrintServicePublicKey()
{
    // Open the current user's personal store read-only; "using" closes and disposes it.
    using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
    {
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2 cert = null;
        foreach (var certificate in store.Certificates)
        {
            // pick the first certificate whose subject contains the service hostname
            if (certificate.Subject.Contains("myhostname"))
            {
                cert = certificate;
                break;
            }
        }
        if (cert == null)
        {
            return;
        }
        // output the public key as an <RSAKeyValue> XML string (no private parameters)
        string xmlKey = cert.PublicKey.Key.ToXmlString(false);
        // HTML-encode it so it can be pasted into the <rsa value="..."/> attribute
        string encodedKey = System.Net.WebUtility.HtmlEncode(xmlKey);
        Console.WriteLine($"Public key:\n{encodedKey}");
    }
}

By the way, these configurations can be generated automatically when calling the service by using the Add Service Reference dialog.
Feel free to let me know if there is anything I can help with.
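The following is an added example, not code from the question or the answer above. It shows the two client-side alternatives the answer describes: pinning the service by DNS identity (the name must match the CN in the service certificate) and pinning it by RSA identity built from the service certificate itself, which is the in-code equivalent of the `<identity><rsa value="..."/></identity>` configuration. The service URL, the subject name `myhostname` and the `IMyService` contract are placeholders assumed for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical contract, assumed for this example only.
[ServiceContract]
public interface IMyService
{
    [OperationContract]
    string Ping();
}

public static class ClientIdentityExample
{
    // Find the service certificate in CurrentUser\My by subject name.
    // validOnly is false so a self-signed test certificate is still returned.
    public static X509Certificate2 FindServiceCertificate(string subjectName)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, validOnly: false);
            return matches.Count > 0 ? matches[0] : null;
        }
    }

    // Option 1: DNS identity. WCF rejects the channel if the service certificate's
    // subject name does not equal this value, which blocks an impersonating server.
    public static EndpointAddress DnsAddress(string serviceUrl, string certificateName)
    {
        return new EndpointAddress(new Uri(serviceUrl),
            EndpointIdentity.CreateDnsIdentity(certificateName));
    }

    // Option 2: RSA identity. WCF compares the service's public key against the key
    // of the certificate given here, so no hostname has to be spelled out on the client.
    public static EndpointAddress RsaAddress(string serviceUrl, X509Certificate2 serviceCert)
    {
        return new EndpointAddress(new Uri(serviceUrl),
            EndpointIdentity.CreateRsaIdentity(serviceCert));
    }

    public static void Main()
    {
        const string serviceUrl = "net.tcp://myhostname:8000/MyService"; // placeholder
        X509Certificate2 serviceCert = FindServiceCertificate("myhostname");
        if (serviceCert == null)
        {
            Console.WriteLine("Service certificate not found in CurrentUser\\My.");
            return;
        }

        // Either address works with the same binding; the identity kind must match
        // what the service exposes in its <identity> configuration.
        EndpointAddress byDns = DnsAddress(serviceUrl, "myhostname");
        EndpointAddress byRsa = RsaAddress(serviceUrl, serviceCert);
        Console.WriteLine($"DNS identity: {byDns.Identity}");
        Console.WriteLine($"RSA identity: {byRsa.Identity}");

        var binding = new NetTcpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        using (var factory = new ChannelFactory<IMyService>(binding, byRsa))
        {
            // Client certificate assumed to share the same subject name for the example.
            factory.Credentials.ClientCertificate.Certificate = serviceCert;
            IMyService proxy = factory.CreateChannel();
            Console.WriteLine(proxy.Ping());
        }
    }
}
```

With the RSA identity the client no longer carries a hostname string that has to be kept in sync with the certificate subject; it carries the certificate (or its public key) instead, and a server presenting any other key fails the identity check before application messages are exchanged.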
