我正在我的 wcf 服务上设置客户端证书。一切都很好。该服务需要客户端证书,我的客户端测试应用程序提供证书并且能够向服务端点之一发出请求。
现在,我想实现一个自定义验证器。我创建了一个继承自 X509CertificateValidator 的新类,并在服务的 Web 配置中进行了设置。我可以在 Validate 方法中放置一个断点,并看到它被调用。太棒了。
现在我希望能够为验证器提供自定义配置参数。X509CertificateValidator 有一个 LoadCustomConfiguration 方法,我可以覆盖它,但它没有被调用,我假设这是因为我没有在任何地方提供任何实际的自定义配置 - 如果这个假设是正确的,我如何定义我的自定义配置参数? 还是有其他方法我应该这样做?
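public class CustomValidator : System.IdentityModel.Selectors.X509CertificateValidator
{
    /// <summary>
    /// Validates the client certificate presented on the transport. With
    /// certificateValidationMode="Custom" the host hands the certificate to this
    /// method in place of its built-in chain/peer trust checks, so every trust
    /// decision has to be made here.
    /// </summary>
    /// <param name="certificate">The certificate presented by the client.</param>
    /// <exception cref="ArgumentNullException">No certificate was supplied.</exception>
    /// <exception cref="System.IdentityModel.Tokens.SecurityTokenValidationException">
    /// The certificate does not verify or is outside its validity period.
    /// </exception>
    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate", "Certificate was not supplied.");
        }

        // Read the clock once so both boundary checks see the same instant.
        // NotBefore/NotAfter are reported in local time, so compare against Now rather than UtcNow.
        DateTime now = DateTime.Now;

        // Verify() only establishes that the certificate chains to a root the host machine
        // trusts; it does not restrict which issuer or which subject is acceptable. An
        // issuer/thumbprint rule is the kind of setting LoadCustomConfiguration would carry.
        bool isValid = certificate.Verify()
            && now <= certificate.NotAfter
            && now >= certificate.NotBefore;

        if (!isValid)
        {
            throw new System.IdentityModel.Tokens.SecurityTokenValidationException("Certificate is not valid.");
        }
    }

    /// <summary>
    /// Receives the validator's custom configuration nodes. Nothing is parsed here yet;
    /// the call is forwarded unchanged to the base implementation.
    /// </summary>
    /// <param name="nodelist">Configuration nodes supplied by the host, if any.</param>
    public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
    {
        base.LoadCustomConfiguration(nodelist);
    }
}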
配置
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="WCFTransportAuthCertificateCustomValidation.Service1"
behaviorConfiguration="MapClientCertificates">
<endpoint binding="basicHttpBinding"
bindingConfiguration="TransportCertificateAuthentication"
contract="WCFTransportAuthCertificateCustomValidation.IService1">
</endpoint>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="TransportCertificateAuthentication">
<!-- Transport security with a required client certificate: the TLS layer demands the certificate, the validator below decides whether it is trusted. -->
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="MapClientCertificates">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- Keeps exception details (including validator failures) out of the SOAP faults returned to clients. -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<!-- Custom mode: the certificate is handed to CustomValidator.Validate in place of the built-in chain/peer trust checks.
     The type string names assembly X509CertificateValidation while the service types live in WCFTransportAuthCertificateCustomValidation;
     presumably both assemblies are deployed together - confirm. No custom configuration nodes are supplied here, which is consistent
     with LoadCustomConfiguration never being called. -->
<authentication certificateValidationMode="Custom" customCertificateValidatorType="X509CertificateValidation.CustomValidator, X509CertificateValidation" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!-- NOTE(review): directory browsing is enabled on the service host; usually left off outside a development setup. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>