C#: Disable message signing from service to client


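How do I disable message signing from the service to the client? I am using basicHttpBinding with Message security mode and Certificate as the credential type.

I have a working solution, but it uses certificate signing in both directions; I only need the client -> service direction. How can I do that? Is it possible? My use case is very simple; basically I don't want to require clients to specify the service certificate. They only provide their own certificate, and I just check in my custom certificate validator whether that certificate is registered and enabled.

Service configuration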

<system.serviceModel>
  <services>
    <service behaviorConfiguration="MyApp.ServiceBehavior" name="MyApp.Service">
      <endpoint address="" binding="basicHttpBinding" contract="MyApp.IService" bindingConfiguration="CustomBinding">
        <identity>
          <dns value="SebastianServer" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="MyApp.ServiceBehavior">
        <serviceCredentials>
          <serviceCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />

          <clientCertificate>
            <!--<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />-->
            <authentication certificateValidationMode="Custom" customCertificateValidatorType="MyApp.CustomValidator, MyApp"/>
          </clientCertificate>

        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <bindings>
    <basicHttpBinding>
      <binding name="CustomBinding">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>

Client configuration

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="certificateEndpoint">
        <clientCredentials>
          <clientCertificate findValue="f2ba8e5a7531df7097117661d966d1f14fccb360" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <serviceCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
            <defaultCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

  <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IService">
          <security mode="Message">
            <transport clientCredentialType="None" />
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </basicHttpBinding>
  </bindings>

  <client>
    <endpoint
      address="http://localhost:5129/Service.svc"
      binding="basicHttpBinding"
      bindingConfiguration="BasicHttpBinding_IService"
      contract="MyAppService.IService"
      behaviorConfiguration="certificateEndpoint"
      name="BasicHttpBinding_IService">
      <identity>
        <dns value="SebastianServer"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>

It is possible with a custom binding.

See, where the consensus is "No, they shouldn't"!