0

编辑:我有点忘了这个问题!我最终重新映射了配置,错误消失了,我找不到原因。

我有一个托管在 IIS 上的 WCF 服务,以及一个尝试连接到它的 Windows 窗体客户端。

WCF 服务应该受到保护,因此 IIS Web 应用程序配置为使用由域(CA 在域上)颁发的证书,该证书颁发给我们的开发环境的“localhost”。

IIS 上的 SSL 设置设置为“需要 SSL”和“客户端证书 = 需要”。

WCF服务使用自定义绑定,web.config中的配置如下:

  <diagnostics>
    <messageLogging logEntireMessage="true" logMalformedMessages="true"
      logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
  </diagnostics>
  <services>
    <service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
      <endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
        <!--<identity>
          <dns value="localhost" />
        </identity>-->
      </endpoint>
      <!--<host>
        <baseAddresses>
          <add baseAddress="http://localhost:8999/" />
        </baseAddresses>
      </host>-->
    </service>
  </services>
  <bindings>
    <customBinding>
      <binding name="CustomBindingConfiguration">
        <MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />

        <httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />


      </binding>
    </customBinding>

  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="SpecificBehaviorType">
        <!-- To avoid disclosing metadata information, 
      set the value below to false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpGetEnabled="True"/>
        <!-- To receive exception details in faults for debugging purposes, 
      set the value below to true.  Set to false before deployment 
      to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="True" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

为了使客户端能够连接到服务,我们将“localhost”证书导出​​为“localhost.cer”文件并在我们的代码中使用该文件(这应该是另一个特定于客户端的受信任证书,但我们使用的是 localhost用于测试目的)。客户端配置是以编程方式完成的(据我所知,这里没有具体原因)。

客户端代码如下:

 Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
        'TODO: set quotas for message size
        Dim binding As New CustomBinding()
        binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
        'TODO: make configurable to support both http and https
        If isHttps Then
            Dim httpsBinding As New HttpsTransportBindingElement

            binding.Elements.Add(httpsBinding)
        Else
            Dim transport As New HttpTransportBindingElement()
            binding.Elements.Add(transport)
        End If

        Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))

        channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))

        If isHttps Then
            For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
                If TypeOf channelFactory.Endpoint.Behaviors(counter) Is System.ServiceModel.Description.ClientCredentials Then
                    CType(channelFactory.Endpoint.Behaviors(counter), System.ServiceModel.Description.ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
                    Exit For
                End If
            Next

        End If

        channelFactory.Open()
        Dim channel = channelFactory.CreateChannel()
        channel.Open()

现在的问题是,一旦我们尝试建立连接,我们就会得到“HTTP 请求被客户端身份验证方案‘匿名’禁止”

我们试图改变:

httpsBinding.AuthenticationScheme

但没有用。

我错过了什么?

4

1 回答 1

0

您是否尝试配置 IIS 客户端证书映射?看看这篇文章 http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication

于 2013-06-17T07:58:51.963 回答