通过SSL验证的自定义WCF客户端证书
[英]Custom WCF client certificate over ssl validation
问题描述
你好,
我正在尝试使用WCF进行一些身份验证:
- 使用用户名/密码验证用户
- 使用客户端证书对客户端进行身份验证
- 自定义接受哪个根证书
经过一番尝试和错误后,我设法使第1点和第2点正常工作,但是我坚持使用3点。这是我的服务配置
<system.serviceModel>
<behaviors>
<endpointBehaviors />
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="certificate">
<security authenticationMode="UserNameOverTransport" />
<textMessageEncoding messageVersion="Soap12WSAddressing10" />
<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="MyBehavior" name="WcfService1.Service1">
<endpoint address="" binding="customBinding" bindingConfiguration="certificate"
contract="WcfService1.IService1" />
</service>
</services>
</system.serviceModel>
这是我的客户端配置
<client>
<endpoint name="service1" address="https://localhost:443/WcfService1/Service1.svc" binding="customBinding"
bindingConfiguration="certificate" behaviorConfiguration="certificate" contract="WcfService1.IService1" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="certificate">
<clientCredentials>
<clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName"
findValue="SignedByCA" />
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors />
</behaviors>
<bindings>
<customBinding>
<binding name="certificate">
<security authenticationMode="UserNameOverTransport" />
<textMessageEncoding messageVersion="Soap12WSAddressing10" />
<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
使用客户端并附加用户名凭据效果很好
var channelFactory = new ChannelFactory<IService1>("service1");
var user = channelFactory.Credentials.UserName;
user.UserName = username;
user.Password = password;
使用OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets使我可以访问用户名以及证书的名称和指纹。 可悲的是,我找不到证书的IssuerName。 我还能如何禁止没有特定根证书颁发的证书的客户端?
任何暗示我正确方向的提示或任何替代方法都非常欢迎;)
谢谢
1 个解决方案
解决方案1
0 2012-08-15 14:59:34
实际上,这很容易,但是很容易。 授权上下文中有一个身份列表。
OperationContext.Current.ServiceSecurityContext
.AuthorizationContext.Properties["Identities"]
其中一个是类型X509Identity的。 那是System.IdentityModel的内部组件,您不能直接获取它。
identity.GetType().Name == "X509Identity"
没什么关系,因为包含证书的字段还是私有的:)
var field = identity.GetType().GetField(
"certificate",
BindingFlags.GetField | BindingFlags.Instance | BindingFlags.NonPublic);
var certificate = (X509Certificate2) field.GetValue(identity);
string issuer = certificate.Issuer;
在没有客户端证书的情况下在Tcp上使用Wcf SSl证书(仅限服务器端)
[英]Using Wcf SSl certificate over Tcp without client certificate (Server side only)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.