
我有一个使用 WCF 客户端调用 Java Web 服务的 ASP.NET 应用程序。通信一直有效,直到需要证书。我更新了配置,但我在调用时收到错误。有没有人有很好的配置示例?证书存储在证书存储中。

不需要客户端证书时有效的配置:

<!-- Baseline WCF client configuration: basicHttpBinding over HTTPS (Transport
     security) with no client credential presented to the service. -->
<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <!-- The buffer, message-size and reader quotas below bound how much
                 data the client accepts from the service in a single response. -->
            <binding name="DocManagementSOAP"
                     closeTimeout="00:01:00"
                     openTimeout="00:01:00"
                     receiveTimeout="00:10:00"
                     sendTimeout="00:01:00"
                     allowCookies="false"
                     bypassProxyOnLocal="false"
                     hostNameComparisonMode="StrongWildcard"
                     maxBufferSize="65536"
                     maxBufferPoolSize="524288"
                     maxReceivedMessageSize="65536"
                     messageEncoding="Mtom"
                     textEncoding="utf-8"
                     transferMode="Buffered"
                     useDefaultWebProxy="true">
                <readerQuotas maxDepth="32"
                              maxStringContentLength="8192"
                              maxArrayLength="16384"
                              maxBytesPerRead="4096"
                              maxNameTableCharCount="16384" />
                <!-- Transport mode: confidentiality and server authentication
                     come from TLS on the https:// endpoint. -->
                <security mode="Transport">
                    <!-- clientCredentialType="None": the caller is anonymous at
                         the TLS layer. -->
                    <transport clientCredentialType="None"
                               proxyCredentialType="None"
                               realm="" />
                    <!-- With mode="Transport" basicHttpBinding does not apply
                         message-level security, so this element has no effect. -->
                    <message clientCredentialType="UserName"
                             algorithmSuite="Default" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://acme.com/services/docmanagement_V3"
                  binding="basicHttpBinding"
                  bindingConfiguration="DocManagementSOAP"
                  contract="FileNetDmsServiceReference.docManagement"
                  name="DocManagementSOAP" />
    </client>
</system.serviceModel>

我为传递客户端证书而尝试的配置(调用失败):

 <!-- Configuration from the question that fails at call time: the same binding,
      switched to present an X.509 client certificate. -->
 <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="DocManagementSOAP" 
                         closeTimeout="00:01:00" 
                         openTimeout="00:01:00"
                         receiveTimeout="00:10:00" 
                         sendTimeout="00:01:00" 
                         allowCookies="false"
                         bypassProxyOnLocal="false" 
                         hostNameComparisonMode="StrongWildcard"
                         maxBufferSize="65536" 
                         maxBufferPoolSize="524288" 
                         maxReceivedMessageSize="65536"
                         messageEncoding="Mtom" 
                         textEncoding="utf-8" 
                         transferMode="Buffered"
                         useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <!-- Transport mode: the client certificate is presented during
                         the TLS handshake, selected by the <transport> element. -->
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" proxyCredentialType="None" realm=""/>
                        <!-- NOTE(review): with mode="Transport" basicHttpBinding does not
                             apply message-level security, so clientCredentialType="Certificate"
                             on <message> adds no signing or encryption of the SOAP body. -->
                        <message clientCredentialType="Certificate" algorithmSuite="Default"/>
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://acme.com/services/docmanagement_V3"
                      binding="basicHttpBinding"
                      bindingConfiguration="DocManagementSOAP"
                      behaviorConfiguration="CertificateBehavior"
                      contract="ServiceReference.docManagement"
                      name="DocManagementSOAP">
                <!-- NOTE(review): the expected DNS identity (cert.acme.com) differs from
                     the endpoint host (acme.com) and reuses the client certificate's
                     subject. The working configuration in the answer omits <identity>;
                     confirm whether it is needed for an HTTPS endpoint. -->
                <identity>
                    <dns value="cert.acme.com" />
                </identity>
            </endpoint>     
        </client>
        <behaviors>
            <endpointBehaviors>
                <behavior name="CertificateBehavior">
                    <clientCredentials>
                        <!-- storeName is not given here; the working configuration in the
                             answer sets storeName="My" explicitly. FindBySubjectName is a
                             substring match on the subject, so more than one certificate in
                             the store can satisfy it; FindByThumbprint selects exactly one.
                             The identity running the ASP.NET application also needs read
                             access to this certificate's private key. -->
                        <clientCertificate x509FindType="FindBySubjectName" findValue="cert.acme.com" storeLocation="LocalMachine"/>
                        <!-- NOTE(review): revocationMode="NoCheck" turns off revocation
                             checking of the service certificate, and PeerOrChainTrust also
                             accepts a certificate that is merely present in the TrustedPeople
                             store. These settings apply to service certificates used with
                             message security; under mode="Transport" the HTTPS server
                             certificate is presumably validated by the TLS stack instead
                             (verify). If this element is kept, prefer ChainTrust with
                             revocation checking enabled. -->
                        <serviceCertificate>
                            <authentication certificateValidationMode="PeerOrChainTrust"
                                            revocationMode="NoCheck"
                                            trustedStoreLocation="LocalMachine" />
                        </serviceCertificate>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
    </system.serviceModel>

1 回答 1


在与 Microsoft 技术支持合作后,这个配置终于奏效了:

<!-- Working client configuration from the answer: basicHttpBinding over HTTPS with
     an X.509 client certificate presented at the TLS layer. Only the binding settings
     that are explicitly needed are kept. -->
<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="DocManagementSOAP" 
                         messageEncoding="Mtom" 
                         textEncoding="utf-8">
                    <!-- Transport mode with clientCredentialType="Certificate": the client
                         authenticates with its certificate during the TLS handshake. There
                         is no <message> element, which would have no effect in this mode. -->
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://acme.com/services/docmanagement_V3"
                      binding="basicHttpBinding"
                      behaviorConfiguration="cert"
                      bindingConfiguration="DocManagementSOAP"
                      contract="docManagement"
                      name="DocManagementSOAP" />
        </client>
        <behaviors>
            <endpointBehaviors>
                <behavior name="cert">
                    <!-- No <serviceCertificate> override appears here, so nothing in this
                         snippet relaxes validation of the server's certificate. -->
                    <clientCredentials>
                        <!-- Looks up the client certificate in the LocalMachine "My" (Personal)
                             store by subject name. FindBySubjectName is a substring match, so
                             keep a single matching certificate in the store or switch to
                             FindByThumbprint to pin one certificate. The identity running the
                             ASP.NET application needs read access to the certificate's
                             private key. -->
                        <clientCertificate findValue="cert.acme.com"
                                           storeLocation="LocalMachine"
                                           storeName="My"
                                           x509FindType="FindBySubjectName"/>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
    </system.serviceModel>

注意:如果您的服务不支持 MTOM,请删除或更改 messageEncoding 属性。

于 2012-07-25T18:18:46.177 回答