使用自签名证书的WCF服务

Question

执行消费应用程序时，它给了我以下异常：无法激活请求的服务“ https：// localhost：53996 / HistoricStatementsWS.HistoricStatements.svc ”。

当我尝试在chrome中输入此路径时，它说：URI'https：//ws20.intra.local：53996 / HistoricStatementsWS.HistoricStatements.svc '的注册已经存在。

我不知道如何摆脱这些例外，到目前为止，我已经浏览了很多论坛。

服务器端app.config

<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
  </providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
    <endpoint address="HistoricStatementsWS.HistoricStatements.svc"
      binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="mexEndpoint" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="https://localhost:53996/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="behaviourHttps">
      <useRequestHeadersForMetadataAddress />
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
        httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
        policyVersion="Policy15" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

客户端Webconfig

<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpoint">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
    bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
    name="wsHttpEndpoint" />
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
        <serviceCertificate>
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

Answer 1

对于任何有相同问题的人，我都设法通过将ip 127.0.0.1指向我的完整域名：computername.intra.local来解决了该问题。 我将服务器的Web配置中的localhost更改为我的域名（computername.intra.local），并从httpsGetUrl中删除了域名前缀，因为baseAddress也用于此值，因此重复了https：// localhost：53996 / 。 尽管仍然存在重复的值，并且配置仍然不准确，但是至少可以从浏览器访问wsdl。 浏览器（在我的本地计算机上）请求证书并成功进行身份验证。

但是，我仍然不知道如何从同一网络上的另一台计算机访问相同的URL。 我将根证书和客户端证书安装在本地计算机上，但仍然出现此错误：“ HTTP请求被客户端身份验证方案“匿名”禁止。” 我在客户端的本地出现此错误，但通过以编程方式调用证书解决了该错误。 新计算机上的相同代码不起作用。

代码是：

WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType =     HttpClientCredentialType.Certificate;
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;

var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");

我必须补充一点，不使用代理，在IIS中使用用户IUSR打开“匿名”，根文件夹具有对IUSR，IIS_IUSRS，网络，网络服务的完全许可。 我首先希望从新计算机上的浏览器进行连接，因为这会导致错误：

403-禁止访问：访问被拒绝。 您无权使用您提供的凭据查看此目录或页面。

非常感谢您的答复。

贾斯汀