.NET: Requiring an SSL certificate and a client certificate throws an exception in a WCF JSON service
I have a simple WCF service set up that uses JSON. In this service I want to use client authentication with client certificates. I have configured IIS 6 to require SSL and require client certificates by setting this on the folder /site/services/wcf/json/. This setup is commonly referred to as two-way SSL.

However, whenever I try to test the page using a generated SSL certificate, I get the exception:

The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.

I have tested that the certificate is installed correctly. I created a basic virtual directory that requires client authentication. This virtual directory contains a simple .htm file. I have confirmed that it requires https and that it challenges for my client certificate; when I provide a valid client certificate it displays the .htm page, and when I do not provide a valid certificate it does not.

When these same settings are applied in IIS to my WCF service, I get the above exception. I have tried to configure the services to also require SSL and client authentication, but I still get the above exception.

Here are my settings:
<system.serviceModel>
  <!-- behaviors -->
  <behaviors>
    <endpointBehaviors>
      <behavior name="jsonBehavior">
        <enableWebScript />
        <clientCredentials>
          <clientCertificate findValue="*.MyCompany.com" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior name="">
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
        <serviceCredentials>
          <serviceCertificate findValue="*.MyCompany.com" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <!-- bindings -->
  <bindings>
    <webHttpBinding>
      <binding name="webBinding">
        <security mode="Transport">
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <!-- services -->
  <services>
    <service name="Service1Json" behaviorConfiguration="">
      <endpoint address="https://www.MyCompany.com/site/services/wcf/json/Service1.svc"
                behaviorConfiguration="jsonBehavior"
                binding="webHttpBinding"
                bindingConfiguration="webBinding"
                contract="MyCompany.Services.Wcf.IService1" />
    </service>
    <service name="Service2Json" behaviorConfiguration="">
      <endpoint address="https://www.MyCompany.com/site/Services/WCF/json/Service2.svc"
                behaviorConfiguration="jsonBehavior"
                binding="webHttpBinding"
                bindingConfiguration="webBinding"
                contract="MyCompany.Services.Wcf.IService2" />
    </service>
    <service name="Service3Json" behaviorConfiguration="">
      <endpoint address="https://www.MyCompany.com/site/services/wcf/json/Service3.svc"
                behaviorConfiguration="jsonBehavior"
                binding="webHttpBinding"
                bindingConfiguration="webBinding"
                contract="MyCompany.Services.Wcf.IService3" />
    </service>
  </services>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
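
The problem was actually more complex than I described above. The solution we ended up with was very simple.

What was not mentioned in the original question is that we have multiple endpoints: 1. SOAP 2. JSON. Both of these needed to be secured using two-way SSL.

Our mistakes were as follows: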
<system.serviceModel>
  <!-- behaviors -->
  <behaviors>
    <endpointBehaviors>
      <behavior name="jsonBehavior">
        <enableWebScript />
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior name="">
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <!-- bindings -->
  <bindings>
    <basicHttpBinding>
      <binding name="httpBinding">
        <security mode="None">
        </security>
      </binding>
    </basicHttpBinding>
    <webHttpBinding>
      <binding name="webBinding">
        <security mode="None">
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <!-- services -->
  <services>
    <service name="MyCompany.Services.Wcf.Service1" behaviorConfiguration="">
      <endpoint address="json"
                behaviorConfiguration="jsonBehavior"
                binding="webHttpBinding"
                bindingConfiguration="webBinding"
                contract="MyCompany.Services.Wcf.IService1" />
      <endpoint address=""
                behaviorConfiguration=""
                binding="basicHttpBinding"
                bindingConfiguration="httpBinding"
                contract="MyCompany.Services.Wcf.IService1" />
    </service>
    <service name="MyCompany.Services.Wcf.Service2" behaviorConfiguration="">
      <endpoint address="json"
                behaviorConfiguration="jsonBehavior"
                binding="webHttpBinding"
                bindingConfiguration="webBinding"
                contract="MyCompany.Services.Wcf.IService2" />
      <endpoint address=""
                behaviorConfiguration=""
                binding="basicHttpBinding"
                bindingConfiguration="httpBinding"
                contract="MyCompany.Services.Wcf.IService2" />
    </service>
  </services>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
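
If we had chosen to have SOAP not use two-way SSL while JSON required two-way SSL, the configuration would have been much more complex.

You can mark this answer as the "solution" even though it is your own. That will further help others who find this question in the future.

OK, thanks. I didn't realize that was necessary. I'm still learning the ropes here.

Welcome to SO, enjoy :)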
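
Added example, not part of the original thread or the posters' code: a small Python check that reads a system.serviceModel section and reports every endpoint whose binding security does not match the SSL level set on the IIS directory, which is the mismatch the exception in the question describes. The sample configuration is constructed, the function names are hypothetical, and the model is a simplification that treats only mode="Transport" on basicHttpBinding and webHttpBinding as HTTPS.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): the JSON endpoint uses transport
# security with a client certificate, the SOAP endpoint leaves security off.
SAMPLE = """<configuration><system.serviceModel>
<bindings>
 <webHttpBinding><binding name="webBinding"><security mode="Transport">
  <transport clientCredentialType="Certificate"/></security></binding></webHttpBinding>
 <basicHttpBinding><binding name="httpBinding">
  <security mode="None"/></binding></basicHttpBinding>
</bindings>
<services><service name="MyCompany.Services.Wcf.Service1">
 <endpoint address="json" binding="webHttpBinding" bindingConfiguration="webBinding"
           contract="MyCompany.Services.Wcf.IService1"/>
 <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding"
           contract="MyCompany.Services.Wcf.IService1"/>
</service></services>
</system.serviceModel></configuration>"""

def endpoint_ssl(model, binding, cfg_name):
    """SSL level an endpoint asks for: 'None', 'Ssl' or 'SslRequireCert'.
    Simplified: only mode="Transport" is treated as HTTPS (assumption)."""
    sec = None
    if cfg_name:
        sec = model.find(f"bindings/{binding}/binding[@name='{cfg_name}']/security")
    # Both bindings default to mode="None" when no <security> is configured.
    if sec is None or sec.get("mode", "None") != "Transport":
        return "None"
    transport = sec.find("transport")
    cred = transport.get("clientCredentialType", "None") if transport is not None else "None"
    return "SslRequireCert" if cred == "Certificate" else "Ssl"

def audit(config_xml, iis_level="SslRequireCert"):
    """List (service, endpoint address, endpoint level) where the binding
    disagrees with the SSL level set on the IIS directory."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    mismatches = []
    for svc in model.findall("services/service"):
        for ep in svc.findall("endpoint"):
            level = endpoint_ssl(model, ep.get("binding"), ep.get("bindingConfiguration"))
            if level != iis_level:
                mismatches.append((svc.get("name"), ep.get("address"), level))
    return mismatches

if __name__ == "__main__":
    for name, address, level in audit(SAMPLE):
        print(f"{name} [{address!r}]: binding gives {level}, IIS requires SslRequireCert")
```
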