[英]consuming WCF service with self-signed certificate
执行消费应用程序时,它给了我以下异常:无法激活请求的服务“ https:// localhost:53996 / HistoricStatementsWS.HistoricStatements.svc ”。
当我尝试在chrome中输入此路径时,它说:URI'https://ws20.intra.local:53996 / HistoricStatementsWS.HistoricStatements.svc '的注册已经存在。
我不知道如何摆脱这些例外,到目前为止,我已经浏览了很多论坛。
服务器端app.config
<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
</providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
<providers>
<add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
</providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
<endpoint address="HistoricStatementsWS.HistoricStatements.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
name="mexEndpoint" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://localhost:53996/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="behaviourHttps">
<useRequestHeadersForMetadataAddress />
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
客户端Webconfig
<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
name="wsHttpEndpoint" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<clientCredentials>
<clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
<serviceCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
对于任何有相同问题的人,我都设法通过将ip 127.0.0.1指向我的完整域名:computername.intra.local来解决了该问题。 我将服务器的Web配置中的localhost更改为我的域名(computername.intra.local),并从httpsGetUrl中删除了域名前缀,因为baseAddress也用于此值,因此重复了https:// localhost:53996 / 。 尽管仍然存在重复的值,并且配置仍然不准确,但是至少可以从浏览器访问wsdl。 浏览器(在我的本地计算机上)请求证书并成功进行身份验证。
但是,我仍然不知道如何从同一网络上的另一台计算机访问相同的URL。 我将根证书和客户端证书安装在本地计算机上,但仍然出现此错误:“ HTTP请求被客户端身份验证方案“匿名”禁止。” 我在客户端的本地出现此错误,但通过以编程方式调用证书解决了该错误。 新计算机上的相同代码不起作用。
代码是:
WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;
var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
我必须补充一点,不使用代理,在IIS中使用用户IUSR打开“匿名”,根文件夹具有对IUSR,IIS_IUSRS,网络,网络服务的完全许可。 我首先希望从新计算机上的浏览器进行连接,因为这会导致错误:
403-禁止访问:访问被拒绝。 您无权使用您提供的凭据查看此目录或页面。
非常感谢您的答复。
贾斯汀
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.