我正在尝试使用将 ClientCredentialType 设置为“无”的压缩和消息安全性来实现自定义 WS 绑定。该服务已配置并成功运行。我还设法配置客户端并成功运行它。但是,我需要以编程方式设置客户端,因此当我尝试将客户端配置转换为代码时,我收到错误消息“未为目标“xxx”提供服务证书。在 ClientCredentials 中指定服务证书。我正在使用自动生成的代理客户端,并且我遵循建议来覆盖客户端构造函数并直接在 ClientCredentials 或客户端端点行为中指定服务证书CertificateValidationMode ,但仍然没有运气。
我将不胜感激任何帮助解决这个问题。作为参考,我在下面包含了配置及其代码翻译。
客户端配置:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="customWSBinding" sendTimeout="00:15:00">
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
</security>
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding"/>
<httpTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False"
maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
authenticationScheme="Anonymous" bypassProxyOnLocal="False" realm="" useDefaultWebProxy="True"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address=""
binding="customBinding"
bindingConfiguration="customWSBinding"
behaviorConfiguration="ClientBehavior"
contract="IService"
name="ServiceEndpoint">
<identity>
<dns value="contoso.com"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
等效代码:
SecurityBindingElement securityElement = SecurityBindingElement.CreateSecureConversationBindingElement(SecurityBindingElement.CreateAnonymousForCertificateBindingElement());
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
GZipMessageEncodingBindingElement encodingElement = new GZipMessageEncodingBindingElement();
TextMessageEncodingBindingElement txtMsgBE = new TextMessageEncodingBindingElement();
encodingElement.InnerMessageEncodingBindingElement = txtMsgBE;
HttpTransportBindingElement httpTransportElement = new HttpTransportBindingElement();
httpTransportElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpTransportElement.ManualAddressing = false;
httpTransportElement.MaxReceivedMessageSize = Int32.MaxValue;
httpTransportElement.MaxBufferSize = Int32.MaxValue;
httpTransportElement.MaxBufferPoolSize = Int32.MaxValue;
httpTransportElement.AuthenticationScheme = AuthenticationSchemes.Anonymous;
httpTransportElement.BypassProxyOnLocal = false;
httpTransportElement.UseDefaultWebProxy = true;
System.ServiceModel.Channels.Binding binding = new CustomBinding(securityElement, encodingElement, httpTransportElement);
binding.SendTimeout = TimeSpan.FromMinutes(15);
EndpointAddress address = new EndpointAddress(new Uri(svcURL), EndpointIdentity.CreateDnsIdentity("contoso.com"));
ServiceClient svcClient = new ServiceClient(binding, address);
被覆盖的代理客户端:
public ServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress)
:base (binding, remoteAddress)
{
System.ServiceModel.Description.ClientCredentials cc = new System.ServiceModel.Description.ClientCredentials();
cc.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
base.Endpoint.Behaviors.RemoveAt(1);
base.Endpoint.Behaviors.Add(cc);
}