[英]consuming WCF service with self-signed certificate
執行消費應用程序時,它給了我以下異常:無法激活請求的服務“ https:// localhost:53996 / HistoricStatementsWS.HistoricStatements.svc ”。
當我嘗試在chrome中輸入此路徑時,它說:URI'https://ws20.intra.local:53996 / HistoricStatementsWS.HistoricStatements.svc '的注冊已經存在。
我不知道如何擺脫這些例外,到目前為止,我已經瀏覽了很多論壇。
服務器端app.config
<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
</providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
<providers>
<add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
</providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
<endpoint address="HistoricStatementsWS.HistoricStatements.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
name="mexEndpoint" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://localhost:53996/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="behaviourHttps">
<useRequestHeadersForMetadataAddress />
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
客戶端Webconfig
<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
name="wsHttpEndpoint" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<clientCredentials>
<clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
<serviceCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
對於任何有相同問題的人,我都設法通過將ip 127.0.0.1指向我的完整域名:computername.intra.local來解決了該問題。 我將服務器的Web配置中的localhost更改為我的域名(computername.intra.local),並從httpsGetUrl中刪除了域名前綴,因為baseAddress也用於此值,因此重復了https:// localhost:53996 / 。 盡管仍然存在重復的值,並且配置仍然不准確,但是至少可以從瀏覽器訪問wsdl。 瀏覽器(在我的本地計算機上)請求證書並成功進行身份驗證。
但是,我仍然不知道如何從同一網絡上的另一台計算機訪問相同的URL。 我將根證書和客戶端證書安裝在本地計算機上,但仍然出現此錯誤:“ HTTP請求被客戶端身份驗證方案“匿名”禁止。” 我在客戶端的本地出現此錯誤,但通過以編程方式調用證書解決了該錯誤。 新計算機上的相同代碼不起作用。
代碼是:
WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;
var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
我必須補充一點,不使用代理,在IIS中使用用戶IUSR打開“匿名”,根文件夾具有對IUSR,IIS_IUSRS,網絡,網絡服務的完全許可。 我首先希望從新計算機上的瀏覽器進行連接,因為這會導致錯誤:
403-禁止訪問:訪問被拒絕。 您無權使用您提供的憑據查看此目錄或頁面。
非常感謝您的答復。
賈斯汀
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.