我正在与公开 Java Web 服务的供应商合作。我创建了一个 WCF 客户端来使用他们的服务,但是客户端证书存在一些问题。供应商声称我们的请求不包含客户端证书并拒绝我们的请求。我不是 100% 相信这是在我们这边,但想确保我没有遗漏证书配置中的任何内容。
应用程序配置
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="NewBehavior">
<clientCredentials>
<clientCertificate findValue="[CLIENT_CERT_NAME]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
<bindings>
<basicHttpBinding>
<binding name="VendServiceBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://[SERVICE_URL]/Vend/VendService"
binding="basicHttpBinding" bindingConfiguration="VendServiceBinding"
contract="VendService" name="VendService" behaviorConfiguration="NewBehavior" />
</client>
</system.serviceModel>
客户端.cs
VendServiceClient client = new VendServiceClient("VendService");
createMemberResponse response = new createMemberResponse();
createMember member = new createMember();
// Check Certificate Just Before Executing
string certCheck = Environment.NewLine + "Check Certificate Just Before Executing - ClientCredentials Name: " + client.ClientCredentials.ClientCertificate.Certificate.GetNameInfo(
System.Security.Cryptography.X509Certificates.X509NameType.SimpleName
, false) + Environment.NewLine;
member = GetCreateMember(reader, siteConfig, recordID);
response = client.createMember(member);
returnStatus = response.VendHeader.ReturnStatus;
DetailedErrorMessage = response.VendBody.Vend.DetailedErrorMessage;
在执行过程中,我可以检查“certCheck”并查看证书的名称,所以我知道我是从证书存储中取出它的。我还假设这意味着当我向“client.createMember()”发出请求时应该附加证书。我得到的错误是通过对供应商正在执行的证书的一些自定义验证......也许问题出在他们的验证上???
当我安装证书(.pfx)时,我需要输入密码,我是否也需要这个密码才能使用证书?我没有在配置或代码中的任何地方添加它。
关于如何确认我的请求包含客户证书的任何想法?
[更新] 我终于能够运行 Fiddler,我期待在标题中看到一些证书详细信息,但这就是我所拥有的。这是否意味着我没有发送证书?
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="10afd012-1130-42ea-aaa8-281c9fab723a">395f129c-fd59-48b1-a19d-387bbffe1465</ActivityId>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<createMember xmlns="http://[SERVICE_URL]/Vend/VendService">
<createMember xmlns="">
<VendHeader>
[更新]我有提琴手工作,看着“隧道到”行我可以看到服务器的证书,但我自己的客户端证书没有。还是一头雾水,应该是这里吧?
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 10:37:08.575
Connection: close
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls
Cipher: Rc4 128bits
Hash Algorithm: Md5 128bits
Key Exchange: RsaKeyX 2048bits
== Server Certificate ==========