WCF webservice with custom certificate validation

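I am hosting a WCF web service with custom certificate validation, but I can't configure it properly. When I try to get the WSDL of the web service, I get the compilation error below. What am I doing wrong?

Thanks

Edit:

I have looked into the following: Custom certificate validation in WCF service, authentication of clientCertificate Element, How to: Create a Service that Employs a Custom Certificate Validator, and X.509 Certificate Validator, but none of these links describes the problem I am having.

Compilation error message: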

Could not load file or assembly 'service' or one of its dependencies. The system cannot find the file specified.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
Exception Details: System.IO.FileNotFoundException: Could not load file or assembly 'service' or one of its dependencies. The system cannot find the file specified.
Source Error: 
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

web.config:

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceMetadata httpsGetEnabled="true" httpsGetUrl="" />
          <serviceDebug includeExceptionDetailInFaults ="true"/>
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="Custom" customCertificateValidatorType = "MyProject.MyX509CertificateValidator, service"/>
            </clientCertificate>
            <serviceCertificate findValue="hashvalue" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="clientBehavior">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="Custom"  customCertificateValidatorType="MyProject.MyX509CertificateValidator, client"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <services>
      <service name="MyProject.MyProjectWCF" behaviorConfiguration="MyServiceBehavior">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="MyProject.IMyProjectWCF" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>

WCF code:

Imports System.ServiceModel
Imports System.ServiceModel.Description
Imports System.IdentityModel.Selectors
Imports System.Security.Cryptography.X509Certificates
Imports System.IdentityModel.Tokens
Imports System.ServiceModel.Security

Namespace MyProject
    ' NOTE: You can use the "Rename" command on the context menu to change the class name "MyProjectWCF" in code, svc and config file together.
    <ServiceBehavior()> _
    Public Class MyProjectWCF
        Implements IMyProjectWCF

        Public Function HelloWorld() As String Implements IMyProjectWCF.HelloWorld
            Return "nameSpace: [" + Me.GetType().Namespace + "]" + vbNewLine + "Normal response"
        End Function

        Sub New()
            Dim serviceHost As New ServiceHost(GetType(MyProjectWCF))
            Try
                serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom
                serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = New MyX509CertificateValidator("CN=MyCertificate")
                serviceHost.Open()
                'serviceHost.Close()
            Finally
                'serviceHost.Close()
            End Try
        End Sub
    End Class

    Public Class MyX509CertificateValidator
        Inherits X509CertificateValidator
        Private allowedIssuerName As String

        Public Sub New(ByVal allowedIssuerName As String)
            If allowedIssuerName Is Nothing Then
                Throw New ArgumentNullException("allowedIssuerName")
            End If
            Me.allowedIssuerName = allowedIssuerName
        End Sub

        Public Overrides Sub Validate(ByVal certificate As X509Certificate2)
            ' Check that there is a certificate.
            If certificate Is Nothing Then
                Throw New ArgumentNullException("certificate")
            End If
            ' Check that the certificate issuer matches the configured issuer.
            If allowedIssuerName <> certificate.IssuerName.Name Then
                Throw New SecurityTokenValidationException _
                  ("Certificate was not issued by a trusted issuer")
            End If
        End Sub
    End Class
End Namespace

Interface code:

Imports System.ServiceModel
Imports System.Security.Permissions

Namespace MyProject
    ' NOTE: You can use the "Rename" command on the context menu to change the interface name "IMyProjectWCF" in both code and config file together.
    <ServiceContract([Namespace]:="MyProject")> _
    Public Interface IMyProjectWCF
        <OperationContract()> _
        Function HelloWorld() As String
    End Interface
End Namespace

Edit 2 (fix):

Insert a default constructor into the certificate validator class:

    Public Sub New()
        Me.New("CN=yourCertificate here")
    End Sub

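Then I had to figure out that the project name of my website is App_Code, which is compiled together with the other pages into one DLL, APP_Code.dll. The final line in web.config looks like this: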

<authentication certificateValidationMode="Custom" customCertificateValidatorType="MyProject.MyX509CertificateValidator, App_Code"/>

So now there is no compilation error and I get the WSDL. Thank you for your help :)

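I think you have to change this

customCertificateValidatorType = "MyProject.MyX509CertificateValidator, service" />

to

customCertificateValidatorType = "MyProject.MyX509CertificateValidator, MyProject" />

Because "service" is not in your namespace. Maybe you pasted it from MSDN, but you have to consider that the MSDN WCF demo projects ("101 samples") used to be called "service".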
