
Fails when running WCF service with certificate

I have a Windows service hosting a WCF service with the following configuration.

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security mode="Message">
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="Carglass.Movil.Service.CarglassService" behaviorConfiguration="CarglassServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:9002/CarglassServiceAGI" />
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="Carglass.Movil.Service.ICarglassService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CarglassServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <serviceCertificate findValue="CN=MWMWCF"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

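The certificate is installed on the machine, and the Network Service user is running the Windows service as a local administrator. Permissions have been granted by running the following command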

netsh http add urlacl url=http://+:9002/CarglassServiceAGI user="NT AUTHORITY\NETWORK SERVICE"

...and by giving that user "Full control" permission through Manage Private Keys in mmc.exe.

However, every time I try to run the service, I get the following exception:

System.ArgumentException: It is likely that certificate 'CN=MWMWCF' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoServerX509TokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, Boolean requireClientCertificate, SecurityTokenResolver& sctResolver)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.SessionRenewSecurityTokenManager.CreateSecurityTokenAuthenticator(SecurityTokenRequirement requirement, SecurityTokenResolver& outOfBandTokenResolver)
   at System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open()
   at MWM.Service.WindowsService.AGI.ServiceController.OnStart(String[] args) in c:\TeamCity\buildAgent\work\MWM-Refactor\MWM.Service\MWM.Service.WindowsService.AGI\ServiceController.cs:line 45

If I remove this from the configuration, it works fine:

<message clientCredentialType="Certificate"/>

This article explains how to build the certificate correctly and how to install it with sufficient rights for everything to work: http://returnsmart.blogspot.co.uk/2015/10/how-to-create-your-own-signed html
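
The exception message names two conditions: a private key capable of key exchange, and access rights for the service account. The following read-only PowerShell check is an added example, not part of the original question or answer; it assumes the certificate is in the LocalMachine\My store and uses a legacy CSP (CAPI) RSA key whose file sits under the standard MachineKeys directory.

```powershell
# Added diagnostic example (not from the original post). Run elevated in Windows PowerShell.
# Assumptions: certificate in LocalMachine\My, legacy CSP (CAPI) RSA private key.
$subject = 'CN=MWMWCF'                      # findValue from the <serviceCertificate> element
$account = 'NT AUTHORITY\NETWORK SERVICE'   # account the Windows service runs as

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($certs.Count -ne 1) { throw "Expected exactly one certificate for $subject, found $($certs.Count)" }
$cert = $certs[0]

# 1. The store entry must carry a private key, not just the public certificate.
"HasPrivateKey : $($cert.HasPrivateKey)"

# 2. Print the Key Usage extension, if any; KeyEncipherment is the flag relevant to RSA key exchange.
$ku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
if ($ku) { "KeyUsage      : $($ku.KeyUsages)" } else { 'KeyUsage      : (no Key Usage extension)' }

# 3. For CSP keys, KeyNumber shows the key spec: Exchange (AT_KEYEXCHANGE) or Signature.
try {
    $info = $cert.PrivateKey.CspKeyContainerInfo
} catch {
    throw "Private key could not be opened through the CSP API: $($_.Exception.Message)"
}
if (-not $info) { throw 'Private key is not a CSP key (possibly CNG); the checks below do not apply.' }
"KeyNumber     : $($info.KeyNumber)"
"Provider      : $($info.ProviderName)"

# 4. Read the ACL on the machine key file and list entries for the service account.
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
$rules = (Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $account }
if ($rules) {
    $rules | ForEach-Object {
        "ACL           : $($_.IdentityReference) $($_.AccessControlType) $($_.FileSystemRights)"
    }
} else {
    "ACL           : no explicit entry for $account on $keyFile"
}
```

A `KeyNumber` of `Signature` points at the first condition in the message; a missing or `Deny` ACL entry for the service account points at the second.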
