使用自簽名證書的WCF服務

Question

執行消費應用程序時，它給了我以下異常：無法激活請求的服務“ https：// localhost：53996 / HistoricStatementsWS.HistoricStatements.svc ”。

當我嘗試在chrome中輸入此路徑時，它說：URI'https：//ws20.intra.local：53996 / HistoricStatementsWS.HistoricStatements.svc '的注冊已經存在。

我不知道如何擺脫這些例外，到目前為止，我已經瀏覽了很多論壇。

服務器端app.config

<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
  </providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
    <endpoint address="HistoricStatementsWS.HistoricStatements.svc"
      binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="mexEndpoint" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="https://localhost:53996/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="behaviourHttps">
      <useRequestHeadersForMetadataAddress />
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
        httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
        policyVersion="Policy15" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

客戶端Webconfig

<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpoint">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
    bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
    name="wsHttpEndpoint" />
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
        <serviceCertificate>
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

Answer 1

對於任何有相同問題的人，我都設法通過將ip 127.0.0.1指向我的完整域名：computername.intra.local來解決了該問題。 我將服務器的Web配置中的localhost更改為我的域名（computername.intra.local），並從httpsGetUrl中刪除了域名前綴，因為baseAddress也用於此值，因此重復了https：// localhost：53996 / 。 盡管仍然存在重復的值，並且配置仍然不准確，但是至少可以從瀏覽器訪問wsdl。 瀏覽器（在我的本地計算機上）請求證書並成功進行身份驗證。

但是，我仍然不知道如何從同一網絡上的另一台計算機訪問相同的URL。 我將根證書和客戶端證書安裝在本地計算機上，但仍然出現此錯誤：“ HTTP請求被客戶端身份驗證方案“匿名”禁止。” 我在客戶端的本地出現此錯誤，但通過以編程方式調用證書解決了該錯誤。 新計算機上的相同代碼不起作用。

代碼是：

WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType =     HttpClientCredentialType.Certificate;
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;

var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");

我必須補充一點，不使用代理，在IIS中使用用戶IUSR打開“匿名”，根文件夾具有對IUSR，IIS_IUSRS，網絡，網絡服務的完全許可。 我首先希望從新計算機上的瀏覽器進行連接，因為這會導致錯誤：

403-禁止訪問：訪問被拒絕。 您無權使用您提供的憑據查看此目錄或頁面。

非常感謝您的答復。

賈斯汀