3

我想使用自签名证书(由 inetmgr 生成)保护 WCF 4 中的服务应用程序。

但是,我不能。当我调用服务的方法时,我有一个 MessageSecurityException:

客户端身份验证方案“匿名”禁止 HTTP 请求。

web.config文件:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
    </system.web>

    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="TransportSecurity">
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="Certificate" />
                        <message clientCredentialType="Certificate"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>

        <behaviors>
            <serviceBehaviors>
                <behavior name="testingServiceBehavior">
                    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

        <services>
            <service behaviorConfiguration="testingServiceBehavior"
                     name="Testing.Service1">

                <endpoint address=""
                          binding="wsHttpBinding"
                          bindingConfiguration="TransportSecurity"
                          contract="Testing.IService1" />

                <endpoint address="mex"
                          binding="mexHttpsBinding"
                          contract="IMetadataExchange" />
            </service>
        </services>
    </system.serviceModel>

    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>
</configuration>

我尝试使用该服务的代码是:

    public static bool validateCertificates(object sender,
                                            System.Security.Cryptography.X509Certificates.X509Certificate cert,
                                            System.Security.Cryptography.X509Certificates.X509Chain chain,
                                            System.Net.Security.SslPolicyErrors error)
    {
        return true;
    }

    private void button1_Click(object sender, EventArgs e)
    {
        System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(validateCertificates);

        WSHttpBinding binding = new WSHttpBinding();
        binding.Name = "secureBinding";

        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        EndpointAddress endpointAddress = new System.ServiceModel.EndpointAddress("https://rtsa.dnsalias.com:2490/Service1.svc");

        ProCell2.Servicios.Informes.Service1Client client = new Servicios.Informes.Service1Client(binding, endpointAddress);

        client.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.GetInformation();  // <-------- Here cause the exception

SSL配置:

SSL 设置

4

1 回答 1

0

请将以下几行添加到您的客户端代码中:

// Disable credential negotiation and the establishment of 
// a security context.
myBinding.Security.Message.NegotiateServiceCredential = false;
myBinding.Security.Message.EstablishSecurityContext = false;

有关更多详细信息,请参阅http://msdn.microsoft.com/en-us/library/ms733102.aspx ,并参阅如果我使用 https,设置建立安全上下文 =“假”有什么影响?因为它对你的沟通的影响。

于 2011-09-17T08:17:06.837 回答