3

我需要创建一个“路由”服务。我正在尝试使用 .Net 的 System.ServiceModel.Routing.IRequestReplyRouter 我可以使其仅在 HTTP 模式下工作,而不是在 HTTPS 下工作。错误是“无法建立安全的 SSL/TLS 连接”...我还尝试了自定义证书验证器,但它没有被调用!(已创建,但未调用 validate 方法)

我在这里发布我的配置:

<?xml version="1.0"?>


    <bindings>

        <customBinding>
            <!-- Security Off version-->
            <binding name="customBindingNotSecure">
                <textMessageEncoding messageVersion="Soap12WSAddressing10"/>
                <httpTransport />
            </binding>

            <!-- Security On -->
            <binding name="customBindingSecure">

                <textMessageEncoding messageVersion="Soap12WSAddressing10">
                </textMessageEncoding>
                <security authenticationMode="UserNameOverTransport" />
                <httpsTransport  />
            </binding>

            <binding name="platoneBinding">
                <textMessageEncoding messageVersion="Soap12WSAddressing10" />
                <httpsTransport maxReceivedMessageSize="1000000" maxBufferPoolSize="1000000" maxBufferSize="1000000" />
            </binding>

        </customBinding>


    </bindings>

    <services>
        <service behaviorConfiguration="routingService" name="System.ServiceModel.Routing.RoutingService">
            <endpoint address=""
              binding="customBinding"
              name="reqReplyEndpoint"
              contract="System.ServiceModel.Routing.IRequestReplyRouter"  bindingConfiguration="customBindingSecure"/>

            <endpoint address=""
              binding="customBinding"
              name="reqReplyEndpointHttp"
              contract="System.ServiceModel.Routing.IRequestReplyRouter"
    bindingConfiguration="customBindingNotSecure"/>

        </service>


    </services>
    <behaviors>

        <endpointBehaviors>
            <behavior name="CustomClientBehavior">
                <clientCredentials>
                    <serviceCertificate>
                        <defaultCertificate findValue="serverx509v1" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                        <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                         certificateValidationMode="Custom" revocationMode="NoCheck" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>

        <serviceBehaviors>
            <behavior name="routingService">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <routing routeOnHeadersOnly="true" filterTableName="routingTable1" />
                <serviceCredentials>

                    <clientCertificate>

                        <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                         certificateValidationMode="Custom" revocationMode="NoCheck" />
                    </clientCertificate>
                    <userNameAuthentication userNamePasswordValidationMode="Custom"
                     customUserNamePasswordValidatorType="com.abodata.plat1.WCFProxy.UsernameValidator, PlatoneWSRelay" />

                </serviceCredentials>

            </behavior>

            <behavior name="">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>


        </serviceBehaviors>
    </behaviors>

    <routing>
        <filters>
            <filter name="MatchAllFilter1" filterType="MatchAll" />
        </filters>
        <filterTables>
            <filterTable name="routingTable1">
                <add filterName="MatchAllFilter1" endpointName="PlatoneWSService" />
            </filterTable>
        </filterTables>

    </routing>

    <client>
        <endpoint address="https://10.0.2.243:9006/Persistence"
         binding="customBinding" bindingConfiguration="platoneBinding"
         contract="*" name="PlatoneWSService">

            <identity>
 <dns value="serverx509v1" />
</identity>
        </endpoint>
    </client>


    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>

编辑:我设法通过添加到我的配置来建立 TLS 连接

<system.net>
    <settings>
        <servicePointManager checkCertificateName="false"  checkCertificateRevocationList="false"/>
    </settings>
</system.net>

但是......现在我的肥皂信封的安全标头有问题。客户端将消息正确发送到我的路由器,但它删除了安全标头,所以我得到一个异常......

4

1 回答 1

4

好的...我还解决了第二个问题。

我的路由器绑定不能指定安全标签,否则它会处理信封。这是我的工作配置

    <?xml version="1.0"?>
<configuration>



    <system.serviceModel>

        <bindings>
            <!-- Must use custom binding: silverlight only support basicHttpBinding that is not
                    SOAP 1.2. So.. I create a custom binding-->
            <customBinding>
                <!-- Security Off version-->
                <binding name="customBindingNotSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10"/>
                    <httpTransport />
                </binding>

                <!-- Security On -->
                <binding name="customBindingSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10">
                        <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
              maxArrayLength="2147483647" maxBytesPerRead="2147483647"
              maxNameTableCharCount="2147483647" />
                    </textMessageEncoding>
                    <httpsTransport maxBufferPoolSize="2000000" maxBufferSize="2000000" maxReceivedMessageSize="2000000" />
                </binding>

                <binding name="platoneBinding">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10" />                   
                    <httpsTransport maxReceivedMessageSize="1000000000" maxBufferPoolSize="1000000000" maxBufferSize="1000000000" />
                </binding>

            </customBinding>


        </bindings>

        <services>

            <service behaviorConfiguration="routingService" name="System.ServiceModel.Routing.RoutingService">
                <endpoint address=""
                  binding="customBinding"
                  name="reqReplyEndpoint"
                  contract="System.ServiceModel.Routing.IRequestReplyRouter"  bindingConfiguration="customBindingSecure"/>

                <endpoint address=""
                  binding="customBinding"
                  name="reqReplyEndpointHttp"
                  contract="System.ServiceModel.Routing.IRequestReplyRouter"
        bindingConfiguration="customBindingNotSecure"/>

            </service>


        </services>
        <behaviors>

            <serviceBehaviors>
                <behavior name="routingService">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <routing routeOnHeadersOnly="true" filterTableName="routingTable1" />
                </behavior>

                <behavior name="">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <routing>
            <filters>
                <filter name="MatchAllFilter1" filterType="MatchAll" />
            </filters>
            <filterTables>
                <filterTable name="routingTable1">
                    <add filterName="MatchAllFilter1" endpointName="PlatoneWSService" />
                </filterTable>
            </filterTables>

        </routing>

        <client>
            <!-- https://10.0.2.243:9006/Persistence -->
            <endpoint address="https://10.0.2.243:9006/Persistence"
             binding="customBinding" bindingConfiguration="platoneBinding"
             contract="*" name="PlatoneWSService">

            </endpoint>
        </client>


        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>


    <system.net>
        <settings>
            <servicePointManager checkCertificateName="false"  checkCertificateRevocationList="false"/>
        </settings>
    </system.net>
</configuration>

缓冲区和消息的尺寸必须经过“测试”(也就是说……我选择了一个大数字来使它工作……)

于 2012-03-14T07:38:27.183 回答