1

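I am trying to create a customBinding for calling a web service using SOAP 1.2, TLS and a client certificate. As far as I understand, this only works with a customBinding.

I have defined the following behaviour: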

<behaviors>
    <endpointBehaviors>
        <behavior name="TehRightBehaviour">
            <clientCredentials>
                <serviceCertificate>
                    <defaultCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
                    <authentication revocationMode="NoCheck" certificateValidationMode="None" />
                </serviceCertificate>
            </clientCredentials>
        </behavior>
    </endpointBehaviors>
</behaviors>

The client does find the certificate; if I specify a wrong name, it raises an error. My binding looks like:

<customBinding>
    <binding name="TehRealBinding">
        <transactionFlow />
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="MutualCertificate" />
        <httpsTransport requireClientCertificate="true" />
    </binding>
</customBinding>

I combine them in the endpoint like this:

<client>
    <endpoint address="https://hestia1:8081/cm/main"
        behaviorConfiguration="TehRightBehaviour"
        binding="customBinding"
        bindingConfiguration="TehRealBinding"
        contract="BrightMain.CMMainService"
        name="cmmain" />
</client>

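The problem is that if I call the web service, it throws an exception saying

"The client certificate is not provided. Specify a client certificate in ClientCredentials."

I have found that there are several places where a certificate can be specified, and obviously I used the wrong one. So my question is: which one is the right one?

Thanks in advance, Christoph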

Edit: Perhaps I should learn to read, because specifying the <serviceCertificate> is obviously not sufficient. I will check this now...

4

2 Answers

2

It should be like this

<behavior name="TehRightBehaviour">
    <clientCredentials>
        <!-- clientCertificate not defaultCertificate -->
        <clientCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
        <serviceCertificate>
            <authentication revocationMode="NoCheck" certificateValidationMode="None" />
        </serviceCertificate>
    </clientCredentials>
</behavior>
answered 2012-04-20T09:26:39.057
1

I installed the certificate under "Personal" and used the following code, and it worked for me.

using System.Security.Cryptography.X509Certificates;

// Open the current user's "Personal" (My) store read-only
X509Store keystore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
keystore.Open(OpenFlags.ReadOnly);

var certificates = keystore.Certificates;
// Inspect the names of the installed certificates
foreach (var certificate in certificates)
{
    var friendlyName = certificate.FriendlyName;
    var xname = certificate.GetName();
}
X509Certificate certificatex = certificates[0];
// Select the certificate by subject name (validOnly: false)
X509Certificate2Collection certs = keystore.Certificates.Find(
    X509FindType.FindBySubjectName, "Name of subject", false);

and then you will pass it in your client request

xyzClient.ClientCredentials.ClientCertificate.Certificate = certs[0];
answered 2012-10-16T21:00:34.880
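
A stricter variant of the store lookup above, as an added example that is not code from either answer: it selects the client certificate by thumbprint (FindBySubjectName matches substrings, so it can return more than one certificate), checks that exactly one valid certificate with a private key was found, and sets service certificate validation to ChainTrust with online revocation checking in place of the None/NoCheck settings from the question. The class and method names and the thumbprint parameter are hypothetical.

```csharp
// Added example; ClientCertificateSetup and its method names are hypothetical.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

static class ClientCertificateSetup
{
    // Returns the single usable certificate with this thumbprint from CurrentUser\My.
    public static X509Certificate2 FindClientCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: true returns only certificates that pass validation
            // (for example, not expired).
            X509Certificate2Collection matches =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);

            if (matches.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one valid certificate, found " + matches.Count);

            // Client authentication needs the private key, not just the public certificate.
            if (!matches[0].HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");

            return matches[0];
        }
        finally
        {
            store.Close();
        }
    }

    public static void Configure(ClientCredentials credentials, string thumbprint)
    {
        credentials.ClientCertificate.Certificate = FindClientCertificate(thumbprint);

        // Programmatic counterpart of the <authentication> element: validate the
        // service certificate chain and check revocation instead of None / NoCheck.
        var auth = credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
    }
}
```

Call Configure(xyzClient.ClientCredentials, thumbprint) before the first service call, since credentials cannot be changed once the channel is open.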