堆栈内存溢出
  繁体   English   中英

WCF服务和自定义CA

[英]WCF service and custom CA

 原文  2016-04-07 07:47:09       c#/ wcf/ ssl/ ssl-certificate/ ca

问题描述

我已经使用openssl创建了自定义证书颁发机构(CA)。 然后,我使用上一个证书和IIS的请求创建了证书。 所以现在我有了证书链。 然后,我将第二个绑定到我的WCF服务,一切都很好。 然后在客户端上,我已经在受信任的根证书颁发机构中安装了CA证书,以使其能够识别我的自定义证书。 我的WCF服务当前在简单的http连接上运行。 服务器端: 

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="None">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

客户端: 

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IMainService" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00">
                <security mode="None" />
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMainService"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService" />
    </client>
</system.serviceModel>

因此,我需要更改此设置以支持SSL连接。 我已经读了很多文章,但是总是使用两路认证检查,这意味着服务器必须检查客户端证书,而客户端必须检查服务器证书。 但是我只希望客户端使用我安装的CA检查服务器证书。 服务器将像以前一样使用普通凭据(用户名,密码)进行检查。 我认为我必须将安全模式更改为“传输双方”,并将服务器mex端点更改为mexHttpsBinding,但下一步该怎么做? 请帮助解决。 谢谢大家!

1 个解决方案

解决方案1
 0 已采纳  2016-04-07 11:57:03

终于我找到了正确的方法! 所以服务器端: 

    <system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceCredentials>
                <serviceCertificate
                    findValue = "*.mydomain.com"
                    storeLocation = "LocalMachine"
                    storeName = "My"
                    x509FindType = "FindBySubjectName"
                    />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost:8095/Design_Time_Addresses/SyncWcfServices/MainService/" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

客户端: 

    <system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name = "ServiceCertificate">
                <clientCredentials>
                    <serviceCertificate>
                        <authentication certificateValidationMode = "ChainTrust"/>
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/SyncService/SyncService.svc"
         binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize"
         behaviorConfiguration = "ServiceCertificate"
         contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService">
        </endpoint>             
    </client>
</system.serviceModel>

希望能对某人有所帮助! 另请参阅Juval Lowy和Michael Montgomery撰写的“ Programming WCF Services”(第4版)书。 这是一本很棒的书!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WCF自定义服务行为 将自定义WCF消息发送到服务 WCF数据服务自定义实现 WCF服务上的自定义基本身份验证 将自定义对象传递给Windows Workflow WCF服务 在WCF服务中处理自定义肥皂标题 将自定义对象从WCF服务传递到客户端 将自定义WSDL绑定到现有的WCF服务 WCF服务向客户端抛出自定义异常 具有相同类的自定义ServiceContract的WCF数据服务
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM