C#: How do I implement WCF security with a self-signed certificate?


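I googled how to set up my WCF service with certificate security and found a bunch of articles, but I can't decide which one is easy to follow. Also, when I type the commands, some of the tools are available in the Visual Studio command prompt and some are not. Can anyone tell me the exact steps or point me to some good links?


Thanks in advance :)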

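The hardest part is the configuration. Otherwise, the task is just creating the client and server certificates and installing them. I think you know how to do that. The certificates must be placed in the Trusted People store. A roughly stripped-down configuration is pasted below. I have used it successfully (you have to replace values like "address here"...). So go through this configuration line by line and decide what to name things. I put it together with the help of two tutorials, but I no longer have the links.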

 <system.serviceModel>
<services>
  <service name="MyService" behaviorConfiguration="MyServiceBehavior">
    <endpoint name="MyServiceEndpoint" address="" binding="netTcpBinding" bindingConfiguration="MyServiceBinding" contract="IMyContract"/>
    <host>
      <baseAddresses>
        <add baseAddress="address here"/>
      </baseAddresses>
    </host>
  </service>
</services>
<client>
  <endpoint name="MyClientEndpoint" address="address here" behaviorConfiguration="ClientCertificateBehavior" binding="netTcpBinding" bindingConfiguration="MyClientBinding" contract="IMyContract">
    <identity>
      <dns value="ServerCertificate"/>
    </identity>
  </endpoint>
</client>
<behaviors>
  <serviceBehaviors>
    <behavior name="MyServiceBehavior">
      <serviceMetadata/>
      <!--need this for mex to work properly!-->

      <!-- 
        The serviceCredentials behavior allows you to define a service certificate.
        A service certificate is used by the service to authenticate itself to its clients and to provide message protection.
        This configuration references the "ServerCertificate" certificate, looked up by subject name in the CurrentUser "My" store.
      -->
      <serviceCredentials>
        <serviceCertificate findValue="ServerCertificate" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
        <clientCertificate>
          <!-- 
          Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate 
          is in the user's Trusted People store, then it is trusted without performing a
          validation of the certificate's issuer chain. This setting is used here for convenience so that the 
          sample can be run without having certificates issued by a certificate authority (CA).
          This setting is less secure than the default, ChainTrust. The security implications of this 
          setting should be carefully considered before using PeerOrChainTrust in production code. 
          -->
          <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="CurrentUser"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="ClientCertificateBehavior">
      <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
      <!-- 
      The clientCredentials behavior allows you to define a certificate to present to a service.
      A certificate is used by a client to authenticate itself to the service and provide message integrity.
      This configuration references the "WFCClient" certificate, looked up by subject name in the CurrentUser "My" store.
      -->
      <clientCredentials>
        <clientCertificate findValue="WFCClient" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
        <serviceCertificate>
          <!-- 
          Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate 
          is in the user's Trusted People store, then it is trusted without performing a
          validation of the certificate's issuer chain. This setting is used here for convenience so that the 
          sample can be run without having certificates issued by a certificate authority (CA).
          This setting is less secure than the default, ChainTrust. The security implications of this 
          setting should be carefully considered before using PeerOrChainTrust in production code. 
          -->
          <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="CurrentUser"/>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <netTcpBinding>
    <binding name="MyClientBinding" maxConnections="25000" listenBacklog="25000" portSharingEnabled="false" closeTimeout="00:05:00" openTimeout="00:05:00" sendTimeout="24:11:30" transferMode="Buffered" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2097152000" maxReceivedMessageSize="2097152000" maxBufferPoolSize="2097152000">
      <readerQuotas maxStringContentLength="2000000000" maxArrayLength="2000000000" maxDepth="2000000000" maxBytesPerRead="2000000000" maxNameTableCharCount="2000000000"/>
      <security mode="Transport">
        <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
    <binding name="MyServiceBinding" maxConnections="25000" listenBacklog="25000" portSharingEnabled="false" closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="24:12:35" transferMode="Buffered" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="10485760" maxReceivedMessageSize="10485760" maxBufferPoolSize="104857600">
      <readerQuotas maxStringContentLength="2000000000" maxArrayLength="2000000000" maxDepth="2000000000" maxBytesPerRead="2000000000" maxNameTableCharCount="2000000000"/>
      <security>
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>
</system.serviceModel>
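
The answer skips the certificate steps the question asks for. The PowerShell below is an added example, not part of the original answer: it creates the two certificates the config looks up by subject name (`ServerCertificate`, `WFCClient`) and places each public certificate in Trusted People. It assumes the service and client run as the same Windows user on one machine; `New-WcfPeerCertificate` and `Add-TrustedPeer` are hypothetical helper names.

```powershell
# Added example. Names mirror the config above: ServerCertificate, WFCClient.
# Assumption: service and client run as the same Windows user on one machine.
$my      = 'Cert:\CurrentUser\My'             # own certificate + private key
$trusted = 'Cert:\CurrentUser\TrustedPeople'  # peers accepted by PeerOrChainTrust

function New-WcfPeerCertificate {             # hypothetical helper name
    param([Parameter(Mandatory)][string]$SubjectName)

    # FindBySubjectName is a case-insensitive substring match, so an existing
    # CN=WFCClientTest would also match "WFCClient". Stop if the lookup the
    # config performs would already return something for this name.
    $existing = Get-ChildItem $my | Where-Object { $_.Subject -like "*$SubjectName*" }
    if ($existing) { throw "Subject '$SubjectName' already matches: $($existing.Thumbprint -join ', ')" }

    # Assumption: legacy CSP with a key-exchange key, chosen for compatibility
    # with .NET Framework WCF. The private key is marked non-exportable.
    New-SelfSignedCertificate -Subject "CN=$SubjectName" `
        -CertStoreLocation $my `
        -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
        -KeySpec KeyExchange -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyExportPolicy NonExportable `
        -NotAfter (Get-Date).AddYears(1)
}

function Add-TrustedPeer {                    # hypothetical helper name
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # Export-Certificate writes only the public certificate (.cer), never the key.
    $cer = Join-Path $env:TEMP "$($Certificate.Thumbprint).cer"
    Export-Certificate -Cert $Certificate -FilePath $cer | Out-Null
    Import-Certificate -FilePath $cer -CertStoreLocation $trusted | Out-Null
    Remove-Item $cer
}

$server = New-WcfPeerCertificate -SubjectName 'ServerCertificate'
$client = New-WcfPeerCertificate -SubjectName 'WFCClient'
Add-TrustedPeer $server   # lets the client accept the service certificate
Add-TrustedPeer $client   # lets the service accept the client certificate

# Confirm each name resolves to exactly one certificate that has a private key.
foreach ($name in 'ServerCertificate', 'WFCClient') {
    $hit = @(Get-ChildItem $my | Where-Object { $_.Subject -like "*$name*" })
    '{0}: {1} match(es), private key: {2}' -f $name, $hit.Count, $hit[0].HasPrivateKey
}
```

On two machines, each side keeps its own certificate with the private key in `My` and imports only the other side's `.cer` into Trusted People. Because the config uses `PeerOrChainTrust`, a certificate that chains to a trusted root is accepted as well as the Trusted People entries; `certificateValidationMode="PeerTrust"` limits acceptance to the pinned entries.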