Fatal编程技术网
  • csharp/
  • C# WCF服务和自定义CA

C# WCF服务和自定义CA

c# wcf ssl

C# WCF服务和自定义CA,c#,wcf,ssl,ssl-certificate,ca,C#,Wcf,Ssl,Ssl Certificate,Ca,我已经使用openssl创建了自定义证书颁发机构(CA)。然后,我使用上一个证书和来自IIS的请求创建了证书。现在我有了一连串的证书。然后我将第二个绑定到我的WCF服务,一切都很好。然后在客户机上,我在可信根证书颁发机构中安装了CA证书,使其能够识别我的自定义证书。 我的WCF服务当前在简单http连接上运行。 服务器端: <system.serviceModel> <behaviors> <serviceBehaviors>

我已经使用openssl创建了自定义证书颁发机构(CA)。然后,我使用上一个证书和来自IIS的请求创建了证书。现在我有了一连串的证书。然后我将第二个绑定到我的WCF服务,一切都很好。然后在客户机上,我在可信根证书颁发机构中安装了CA证书,使其能够识别我的自定义证书。 我的WCF服务当前在简单http连接上运行。 服务器端:

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="None">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

    <system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceCredentials>
                <serviceCertificate
                    findValue = "*.mydomain.com"
                    storeLocation = "LocalMachine"
                    storeName = "My"
                    x509FindType = "FindBySubjectName"
                    />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost:8095/Design_Time_Addresses/SyncWcfServices/MainService/" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
客户端:

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IMainService" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00">
                <security mode="None" />
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMainService"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService" />
    </client>
</system.serviceModel>
因此,我需要更改此设置以支持SSL连接。我已经读了很多关于如何做的帖子,但是总是使用双向认证检查,这意味着服务器必须检查客户端证书,客户端必须检查服务器证书。但我只希望客户端使用我安装的CA检查服务器证书。和以前一样,服务器将使用普通凭据(用户名、密码)进行检查。我认为我必须将安全模式更改为双面传输,将服务器mex端点更改为mexHttpsBinding,但接下来该怎么做?请帮助解决它。
谢谢大家

我终于找到了正确的方法!所以服务器端:

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="None">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

    <system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="SyncWcfServices.MainServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceCredentials>
                <serviceCertificate
                    findValue = "*.mydomain.com"
                    storeLocation = "LocalMachine"
                    storeName = "My"
                    x509FindType = "FindBySubjectName"
                    />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <services>
        <service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost:8095/Design_Time_Addresses/SyncWcfServices/MainService/" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
客户端:

    <system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name = "ServiceCertificate">
                <clientCredentials>
                    <serviceCertificate>
                        <authentication certificateValidationMode = "ChainTrust"/>
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <wsHttpBinding>
            <binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
                <security mode="Transport">
                    <transport clientCredentialType="None"></transport>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/SyncService/SyncService.svc"
         binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize"
         behaviorConfiguration = "ServiceCertificate"
         contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService">
        </endpoint>             
    </client>
</system.serviceModel>
希望它能帮助别人! 另外,请参阅Juval Lowy&Michael Montgomery的《编程WCF服务》(第四版)一书。这是一本很棒的书