简而言之:我无法让我的控制台客户端连接到 WCF 服务的 https 端点,该端点托管在同一网络中的另一台 PC 上。它在调试时弹出错误: Object loginObject = client.Login(password, username); 并说:无法自动进入此服务器机器域。连接到服务器机器失败。登录失败:未知用户名或密码错误。
我没有在 IIS 上托管它,我只是从 Visual Studio 托管服务
-----更多详情请查看下方-----
我有一个托管在计算机控制台中的 wcf 服务,配置文件只有绑定、端点和行为,如下所示:
<bindings>
<wsHttpBinding>
<binding
name="HighQuotaWSHttpBinding"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
bypassProxyOnLocal="true"
maxBufferPoolSize="2147483647"
useDefaultWebProxy="false"
maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<!-- WebDataService -->
<service
behaviorConfiguration="WebDataServiceBehaviour"
name="ANameSpace">
<endpoint
address="WebDataService"
binding="wsHttpBinding" bindingConfiguration="HighQuotaWSHttpBinding"
contract="AContract"
name="WebDataServiceHttpBinding">
<!--<identity>
<dns value="" />
</identity>-->
</endpoint>
<endpoint
address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange"
name="mexManagement" />
<host>
<baseAddresses>
<add baseAddress="http://mylocalip:9650/" />
<add baseAddress="https://mylocalip:9651/" />
</baseAddresses>
</host>
</service>
</services>
<!-- Definition of WebDataService behaviour -->
<behaviors>
<serviceBehaviors>
<!-- Behavior for WebserviceData interface -->
<behavior name="WebDataServiceBehaviour">
<!-- Set throttling of (concurrent) cals -->
<serviceThrottling
maxConcurrentCalls="100"
maxConcurrentSessions="100"
maxConcurrentInstances="100"/>
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="True"/>
<serviceCredentials>
<!--certificate storage path in the server -->
<serviceCertificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
<issuedTokenAuthentication allowUntrustedRsaIssuers="true"/>
<!--certificate storage path in the client -->
<clientCertificate>
<certificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
</clientCertificate>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebDataServiceBehaviour">
<clientCredentials>
<!--certificate storage path in the client -->
<clientCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
我通过这样做制作了自己的根证书和服务器证书:
根目录:makecert.exe -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=AuthorityName" -ss my -sr localmachine
服务器:makecert.exe -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp " Microsoft RSA SChannel 加密提供程序“-sy 12
然后使用一个名为 httpconfig.exe 的程序,我将此证书添加到端口 9651..
现在在同一网络中的另一台电脑上,我尝试制作一个简单的 C# 控制台客户端。program.cs 如下:
class Program
{
static void Main(string[] args)
{
System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) =>
{
return true;
};
wcf1.WebDataServiceClient client = new wcf1.WebDataServiceClient();
string username = "A";
string password = "A";
Object loginObject = client.Login(password, username);
Console.WriteLine("bla");
Console.ReadLine();
client.Close();
}
}
配置生成如下:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WebDataServiceHttpBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://Theipfromthepc:9651/WebDataService" binding="wsHttpBinding"
bindingConfiguration="WebDataServiceHttpBinding" contract="wcf1.IWebDataService"
name="WebDataServiceHttpBinding">
<!--<identity>
<dns value="" />
</identity>-->
</endpoint>
</client>
</system.serviceModel>