堆棧內存溢出
  簡體   English   中英

WCF服務和自定義CA

[英]WCF service and custom CA

 原文  2016-04-07 07:47:09       c#/ wcf/ ssl/ ssl-certificate/ ca

問題描述

我已經使用openssl創建了自定義證書頒發機構(CA)。 然后,我使用上一個證書和IIS的請求創建了證書。 所以現在我有了證書鏈。 然后,我將第二個綁定到我的WCF服務,一切都很好。 然后在客戶端上,我已經在受信任的根證書頒發機構中安裝了CA證書,以使其能夠識別我的自定義證書。 我的WCF服務當前在簡單的http連接上運行。 服務器端: 

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="None">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

客戶端: 

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IMainService" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00">
                <security mode="None" />
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMainService"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService" />
    </client>
</system.serviceModel>

因此,我需要更改此設置以支持SSL連接。 我已經讀了很多文章,但是總是使用兩路認證檢查,這意味着服務器必須檢查客戶端證書,而客戶端必須檢查服務器證書。 但是我只希望客戶端使用我安裝的CA檢查服務器證書。 服務器將像以前一樣使用普通憑據(用戶名,密碼)進行檢查。 我認為我必須將安全模式更改為“傳輸雙方”,並將服務器mex端點更改為mexHttpsBinding,但下一步該怎么做? 請幫助解決。 謝謝大家!

1 個解決方案

解決方案1
 0 已采納  2016-04-07 11:57:03

終於我找到了正確的方法! 所以服務器端: 

    <system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceCredentials>
                <serviceCertificate
                    findValue = "*.mydomain.com"
                    storeLocation = "LocalMachine"
                    storeName = "My"
                    x509FindType = "FindBySubjectName"
                    />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost:8095/Design_Time_Addresses/SyncWcfServices/MainService/" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

客戶端: 

    <system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name = "ServiceCertificate">
                <clientCredentials>
                    <serviceCertificate>
                        <authentication certificateValidationMode = "ChainTrust"/>
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/SyncService/SyncService.svc"
         binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize"
         behaviorConfiguration = "ServiceCertificate"
         contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService">
        </endpoint>             
    </client>
</system.serviceModel>

希望能對某人有所幫助! 另請參閱Juval Lowy和Michael Montgomery撰寫的“ Programming WCF Services”(第4版)書。 這是一本很棒的書!

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 WCF自定義服務行為 將自定義WCF消息發送到服務 WCF數據服務自定義實現 WCF服務上的自定義基本身份驗證 將自定義對象傳遞給Windows Workflow WCF服務 在WCF服務中處理自定義肥皂標題 將自定義對象從WCF服務傳遞到客戶端 將自定義WSDL綁定到現有的WCF服務 WCF服務向客戶端拋出自定義異常 具有相同類的自定義ServiceContract的WCF數據服務
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM