[英]Custom WCF client certificate over ssl validation
你好,
我正在嘗試使用WCF進行一些身份驗證:
經過一番嘗試和錯誤后,我設法使第1點和第2點正常工作,但是我堅持使用3點。這是我的服務配置
<system.serviceModel>
<behaviors>
<endpointBehaviors />
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="certificate">
<security authenticationMode="UserNameOverTransport" />
<textMessageEncoding messageVersion="Soap12WSAddressing10" />
<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="MyBehavior" name="WcfService1.Service1">
<endpoint address="" binding="customBinding" bindingConfiguration="certificate"
contract="WcfService1.IService1" />
</service>
</services>
</system.serviceModel>
這是我的客戶端配置
<client>
<endpoint name="service1" address="https://localhost:443/WcfService1/Service1.svc" binding="customBinding"
bindingConfiguration="certificate" behaviorConfiguration="certificate" contract="WcfService1.IService1" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="certificate">
<clientCredentials>
<clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName"
findValue="SignedByCA" />
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors />
</behaviors>
<bindings>
<customBinding>
<binding name="certificate">
<security authenticationMode="UserNameOverTransport" />
<textMessageEncoding messageVersion="Soap12WSAddressing10" />
<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
使用客戶端並附加用戶名憑據效果很好
var channelFactory = new ChannelFactory<IService1>("service1");
var user = channelFactory.Credentials.UserName;
user.UserName = username;
user.Password = password;
使用OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets使我可以訪問用戶名以及證書的名稱和指紋。 可悲的是,我找不到證書的IssuerName。 我還能如何禁止沒有特定根證書頒發的證書的客戶端?
任何暗示我正確方向的提示或任何替代方法都非常歡迎;)
謝謝
實際上,這很容易,但是很容易。 授權上下文中有一個身份列表。
OperationContext.Current.ServiceSecurityContext
.AuthorizationContext.Properties["Identities"]
其中一個是類型X509Identity的。 那是System.IdentityModel的內部組件,您不能直接獲取它。
identity.GetType().Name == "X509Identity"
沒什么關系,因為包含證書的字段還是私有的:)
var field = identity.GetType().GetField(
"certificate",
BindingFlags.GetField | BindingFlags.Instance | BindingFlags.NonPublic);
var certificate = (X509Certificate2) field.GetValue(identity);
string issuer = certificate.Issuer;
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.