Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/wcf/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# WCF错误:找不到令牌身份验证器_C#_Wcf_Ssl_X509certificate_Http Token Authentication - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# WCF错误:找不到令牌身份验证器

C# WCF错误:找不到令牌身份验证器

c# wcf ssl

C# WCF错误:找不到令牌身份验证器,c#,wcf,ssl,x509certificate,http-token-authentication,C#,Wcf,Ssl,X509certificate,Http Token Authentication,我需要通过SSL使用WCF服务,而请求需要使用一个证书签名,响应需要使用另一个证书验证 我在执行代码时遇到此错误: 找不到“System.IdentityModel.Tokens.X509SecurityToken”令牌类型的令牌身份验证器。根据当前安全设置,无法接受该类型的令牌 根据WCF跟踪,它在尝试验证响应签名时失败,因为我可以看到来自服务器的响应 以下是我的WCF服务设置: ),我尝试设置不同的设置组合变体,但仍然出现此错误 有什么想法吗?取消响应证书签名验证也是一个选项,但如何设置它

我需要通过SSL使用WCF服务,而请求需要使用一个证书签名,响应需要使用另一个证书验证

我在执行代码时遇到此错误:

找不到“System.IdentityModel.Tokens.X509SecurityToken”令牌类型的令牌身份验证器。根据当前安全设置,无法接受该类型的令牌

根据WCF跟踪,它在尝试验证响应签名时失败,因为我可以看到来自服务器的响应

以下是我的WCF服务设置: 

),我尝试设置不同的设置组合变体,但仍然出现此错误


有什么想法吗?取消响应证书签名验证也是一个选项,但如何设置它???
尝试使用具有以下配置的自定义绑定:


<security allowSerializedSigningTokenOnReply="true" />



已解决


<system.serviceModel>

  <behaviors>
    <endpointBehaviors>

      <behavior name="DPSSLXDIG">
        <clientCredentials supportInteractive="false">
          <clientCertificate findValue="clientcert" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <defaultCertificate findValue="servercert" storeName="TrustedPeople" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
            <authentication certificateValidationMode="None" revocationMode="NoCheck" />
          </serviceCertificate>
          <windows allowNtlm="false" allowedImpersonationLevel="None" />
          <httpDigest impersonationLevel="None" />
          <peer>
            <peerAuthentication revocationMode="NoCheck" />
          </peer>
        </clientCredentials>
      </behavior>

    </endpointBehaviors>
  </behaviors>

  <bindings>

    <customBinding>

      <binding name="DPSSLXDIG">
        <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
        <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
            requireDerivedKeys="false" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt"
            messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
            requireSecurityContextCancellation="false">
          <secureConversationBootstrap />
        </security>
        <httpsTransport authenticationScheme="Anonymous" requireClientCertificate="true" />
      </binding>

    </customBinding>

  </bindings>
    <client>

      <endpoint address="https://myserver/webservice.asmx"
           behaviorConfiguration="DPSSLXDIG" binding="customBinding"
           bindingConfiguration="DPSSLXDIG" contract="serviceRef.smssoap"
           name="smsEndpoint">
        <identity>
          <dns value="servercert" />
        </identity>

      </endpoint>

    </client>
</system.serviceModel>



我遇到了同样的问题,并在这里发布了解决方案(适用于前来寻求答案的人):



基于这个问题,似乎是相同的解决方案:


  • authenticationMode=“CertificateOverTransport”
    更改为
    authenticationMode=“MutualCertificate”
    • 

  • 使用
    MessageSecurityVersion.wssecurity10wstrustfebruary2005wssecurityconversationfebruary2005wssecuritypolicy11basicsecurityprofile10
    • 

  • 在生成的客户端中,将
    ProtectionLevel=ProtectionLevel.Sign
    添加到
    servicecontract属性中。这样可以避免对主体进行加密
    • 

    你从哪里打这个电话?win forms应用程序?“取消响应证书签名验证也是一个选项”。。。别让Dominick Baier听到!是的,我开发了tester win form appyes mike:)我也不喜欢这个解决方案,但我该怎么做呢?我试过了,但我一直收到相同的错误…我还必须问,你是否通过复制和粘贴WCF测试客户端的设置来创建设置?我在另一篇文章中看到了这一点,尝试过,但没有帮助…:(确切地说,是什么解决了它?!用这个就行了configuration@CodeCaster:此问题比链接的问题旧。是否仍应将其标记为副本?我可以复制/粘贴解决方案,但这似乎没有意义。另一个问题似乎比此问题有更好的答案。我将关闭此问题。

    <system.serviceModel>

  <behaviors>
    <endpointBehaviors>

      <behavior name="DPSSLXDIG">
        <clientCredentials supportInteractive="false">
          <clientCertificate findValue="clientcert" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <defaultCertificate findValue="servercert" storeName="TrustedPeople" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
            <authentication certificateValidationMode="None" revocationMode="NoCheck" />
          </serviceCertificate>
          <windows allowNtlm="false" allowedImpersonationLevel="None" />
          <httpDigest impersonationLevel="None" />
          <peer>
            <peerAuthentication revocationMode="NoCheck" />
          </peer>
        </clientCredentials>
      </behavior>

    </endpointBehaviors>
  </behaviors>

  <bindings>

    <customBinding>

      <binding name="DPSSLXDIG">
        <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
        <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
            requireDerivedKeys="false" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt"
            messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
            requireSecurityContextCancellation="false">
          <secureConversationBootstrap />
        </security>
        <httpsTransport authenticationScheme="Anonymous" requireClientCertificate="true" />
      </binding>

    </customBinding>

  </bindings>
    <client>

      <endpoint address="https://myserver/webservice.asmx"
           behaviorConfiguration="DPSSLXDIG" binding="customBinding"
           bindingConfiguration="DPSSLXDIG" contract="serviceRef.smssoap"
           name="smsEndpoint">
        <identity>
          <dns value="servercert" />
        </identity>

      </endpoint>

    </client>
</system.serviceModel>