我有一个项目有一个要求,即我们需要公开一个简单的 SOAP 1.1 ack/nack web 服务,该服务使用 TLS 和 WS-Security 标头中的用户名/密码进行保护。我创建了以下自定义绑定和行为
<binding name="itkService" closeTimeout="00:10:01" openTimeout="00:10:01"
receiveTimeout="00:10:01" sendTimeout="00:10:00.0000001">
<sslStreamSecurity requireClientCertificate="true" />
<security enableUnsecuredResponse="true" authenticationMode="UserNameOverTransport" includeTimestamp="true" requireSecurityContextCancellation="true">
<localClientSettings maxClockSkew="24.20:31:23.6470000" />
<localServiceSettings maxClockSkew="24.20:31:23.6470000" />
<secureConversationBootstrap authenticationMode="UserNameOverTransport" />
</security>
<customTextMessageEncoding messageVersion="Soap11WSAddressing10" mediaType="text/xml" encoding="utf-8">
<readerQuotas maxStringContentLength="1024" />
</customTextMessageEncoding>
<httpsTransport maxReceivedMessageSize="10485760" keepAliveEnabled="true" maxBufferSize="10485760" />
</binding>
<behavior name="webHttpEnablingBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication customCertificateValidatorType="ITKCore.Validation.MyCertificateValidator, ITKCore"
certificateValidationMode="Custom" />
</clientCertificate>
<serviceCertificate findValue="Sub CA" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByIssuerName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ITKCore.Validation.UsernameValidator, ITKCore" />
</serviceCredentials>
</behavior>
然而,服务请求验证逻辑的一部分声明我们必须使用提供的 TLS 证书并根据访问控制列表检查主题专有名称。我已经进行了挖掘,但看不到实际检索运输证书的方法。
有人对我将如何在 WCF 中解决这个问题有任何建议吗?