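We are using a Windows Azure web role to host a WCF service. Certificate authentication is enabled for this WCF service. The RootCertificate and the server certificate are uploaded to the hosted service's Certificates section. During deployment, these certificates are automatically installed in the CurrentUser, My store of the Azure role.

Everything worked fine. The problem started when we upgraded our service. After the upgrade, the role started getting multiple X.509 certificates errors. We look up the certificate by thumbprint, so there should not be any chance of finding multiple certificates by thumbprint.

Someone has run into a similar problem, but no solution was posted. Please refer to http://social.msdn.microsoft.com/forums/en-US/wcf/thread/aa2ce0e3-4ee7-4d6e-8ea8-0ac1f75e912b/

The Web.config file is below. I have removed the actual thumbprint value.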

<behaviors>
  <serviceBehaviors>
    <behavior name="customBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="Custom"
                          customCertificateValidatorType="CCP.Hosting.Provisioning.WebRole.Authentication.Implementation.X509CertificateValidator,CCP.Hosting.Provisioning.WebRole"
                          revocationMode="NoCheck"/>
        </clientCertificate>
        <serviceCertificate
          findValue="{ThumbPrint}"
          x509FindType="FindByThumbprint"
          storeLocation="CurrentUser"
          storeName="My"/>
      </serviceCredentials>

      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
  <wsHttpBinding>
    <binding name="customWsHttpBinding" receiveTimeout="00:15:00" sendTimeout="00:05:00" maxReceivedMessageSize="400000000">
      <readerQuotas maxDepth="5000000" maxStringContentLength="50000000"
                    maxArrayLength="50000000" maxBytesPerRead="50000000" />
      <security mode="Message">
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<services>
  <service name="CCP.Hosting.Provisioning.WebRole.ProvisioningService" behaviorConfiguration="customBehavior">
    <endpoint binding="wsHttpBinding" bindingConfiguration="customWsHttpBinding"
              address="" contract="CCP.Provisioning.Web.Interfaces.IProvisioningService" />
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>

Sometimes we get the following error. I have removed the thumbprint from the error below.

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 7/11/2012 11:51:16 AM 
Event time (UTC): 7/11/2012 11:51:16 AM 
Event ID: 841596aaed284171896138a00b734fe3 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 0 

Application information: 
    Application domain: /LM/W3SVC/1273337584/ROOT-1-129864806465987458 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: E:\sitesroot\0\ 
    Machine name: RD00155D3AAD31 

Process information: 
    Process ID: 3432 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 

Exception information: 
    Exception type: InvalidOperationException 
    Exception message: Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindByThumbprint', FindValue '{Thumbprint}'. Provide a more specific find value.
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
   at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
   at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[T](ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at Unity.Wcf.UnityServiceHost..ctor(IUnityContainer container, Type serviceType, Uri[] baseAddresses)
   at Unity.Wcf.UnityServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
   at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)



Request information: 
    Request URL: http://abcd.cloudapp.net/blahblah.svc 
    Request path: /ProvisioningService.svc 
    User host address: 210.18.83.151 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 

Thread information: 
    Thread ID: 8 
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
    Is impersonating: False 
    Stack trace:    at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
   at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
   at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[T](ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at Unity.Wcf.UnityServiceHost..ctor(IUnityContainer container, Type serviceType, Uri[] baseAddresses)
   at Unity.Wcf.UnityServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
   at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
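
A diagnostic for the error above, added here as an example and not part of the original post or the service's code: it repeats the store lookup that the `<serviceCertificate>` element describes and lists every match, so the duplicate entries behind "Found multiple X.509 certificates" can be told apart. The class and method names are hypothetical, and the thumbprint is supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical helper, not part of the original service).
public static class ServiceCertificateDiagnostics
{
    // Keep only hex digits: a thumbprint pasted from the certificate dialog
    // can carry spaces or invisible characters.
    public static string NormalizeThumbprint(string raw)
    {
        return new string(raw.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    // Repeats the lookup configured in Web.config (CurrentUser / My /
    // FindByThumbprint by default) and returns one line per matching
    // certificate instead of throwing when more than one is found.
    public static IList<string> DescribeMatches(string thumbprint,
        StoreName storeName = StoreName.My,
        StoreLocation location = StoreLocation.CurrentUser)
    {
        var store = new X509Store(storeName, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false so expired or untrusted copies are listed too.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, NormalizeThumbprint(thumbprint), false);

            return found.Cast<X509Certificate2>()
                .Select(c => string.Format(
                    "Subject={0}; Serial={1}; NotBefore={2:u}; NotAfter={3:u}; HasPrivateKey={4}",
                    c.Subject, c.SerialNumber, c.NotBefore, c.NotAfter, c.HasPrivateKey))
                .ToList();
        }
        finally
        {
            store.Close();
        }
    }
}
```

Call it from inside the web role's worker process and write the result to the trace log: the CurrentUser store is per account, so the lookup has to run as the same identity the event log shows (NT AUTHORITY\NETWORK SERVICE) to see what WCF sees.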