在我之前的问题 - WCF 客户端使用 WS-Security 使用 ASMX 服务之后,我需要配置一个 WCF 服务,该服务将使用 WS-Security 接收 SOAP 请求(可以在链接中找到请求示例)。
这是我的配置文件:
<system.serviceModel>
<services>
<service name="Service.Service1" behaviorConfiguration="customBindingBehavior">
<endpoint address="http://localhost/Service1.svc"
binding="customBinding"
bindingConfiguration="NewBinding0"
name="ServiceEndpoint"
contract="Service.Contracts.IService1" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="customBindingBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<serviceCertificate findValue="xxx" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
<clientCertificate>
<certificate findValue="yyy" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="TrustedPeople" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="NewBinding0">
<textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
<security authenticationMode="MutualCertificate">
<secureConversationBootstrap />
</security>
<httpTransport />
</binding>
</customBinding>
</bindings>
</system.serviceModel>
</configuration>
服务证书包含私钥以对响应进行签名。
客户端证书仅包含用于签署请求的客户端私钥的相应公钥。
我收到与服务证书相关的以下异常:
“证书'CN = xxxxxx'必须具有能够进行密钥交换的私钥。进程必须具有私钥的访问权限。”
我该如何解决?
提前致谢!
编辑:
我得到的例外:
System.ArgumentException: It is likely that certificate 'CN=xxx' may not have a private key that is capable of key exchange or the process may not have access rights for the private key.
at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
at System.ServiceModel.Security.AsymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)