C# WCF错误:找不到令牌身份验证器
我需要通过SSL使用WCF服务,而请求需要使用一个证书签名,响应需要使用另一个证书验证 我在执行代码时遇到此错误: 找不到“System.IdentityModel.Tokens.X509SecurityToken”令牌类型的令牌身份验证器。根据当前安全设置,无法接受该类型的令牌 根据WCF跟踪,它在尝试验证响应签名时失败,因为我可以看到来自服务器的响应 以下是我的WCF服务设置:C# WCF错误:找不到令牌身份验证器,c#,wcf,ssl,x509certificate,http-token-authentication,C#,Wcf,Ssl,X509certificate,Http Token Authentication,我需要通过SSL使用WCF服务,而请求需要使用一个证书签名,响应需要使用另一个证书验证 我在执行代码时遇到此错误: 找不到“System.IdentityModel.Tokens.X509SecurityToken”令牌类型的令牌身份验证器。根据当前安全设置,无法接受该类型的令牌 根据WCF跟踪,它在尝试验证响应签名时失败,因为我可以看到来自服务器的响应 以下是我的WCF服务设置: ),我尝试设置不同的设置组合变体,但仍然出现此错误 有什么想法吗?取消响应证书签名验证也是一个选项,但如何设置它
),我尝试设置不同的设置组合变体,但仍然出现此错误
有什么想法吗?取消响应证书签名验证也是一个选项,但如何设置它???尝试使用具有以下配置的自定义绑定:
<security allowSerializedSigningTokenOnReply="true" />
已解决强>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="DPSSLXDIG">
<clientCredentials supportInteractive="false">
<clientCertificate findValue="clientcert" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="servercert" storeName="TrustedPeople" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</serviceCertificate>
<windows allowNtlm="false" allowedImpersonationLevel="None" />
<httpDigest impersonationLevel="None" />
<peer>
<peerAuthentication revocationMode="NoCheck" />
</peer>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="DPSSLXDIG">
<textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
<security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
requireDerivedKeys="false" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireSecurityContextCancellation="false">
<secureConversationBootstrap />
</security>
<httpsTransport authenticationScheme="Anonymous" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://myserver/webservice.asmx"
behaviorConfiguration="DPSSLXDIG" binding="customBinding"
bindingConfiguration="DPSSLXDIG" contract="serviceRef.smssoap"
name="smsEndpoint">
<identity>
<dns value="servercert" />
</identity>
</endpoint>
</client>
</system.serviceModel>
我遇到了同样的问题,并在这里发布了解决方案(适用于前来寻求答案的人):
基于这个问题,似乎是相同的解决方案:
将authenticationMode=“CertificateOverTransport”
更改为authenticationMode=“MutualCertificate”
使用MessageSecurityVersion.wssecurity10wstrustfebruary2005wssecurityconversationfebruary2005wssecuritypolicy11basicsecurityprofile10
在生成的客户端中,将ProtectionLevel=ProtectionLevel.Sign
添加到servicecontract属性中。这样可以避免对主体进行加密
你从哪里打这个电话?win forms应用程序?“取消响应证书签名验证也是一个选项”。。。别让Dominick Baier听到!是的,我开发了tester win form appyes mike:)我也不喜欢这个解决方案,但我该怎么做呢?我试过了,但我一直收到相同的错误…我还必须问,你是否通过复制和粘贴WCF测试客户端的设置来创建设置?我在另一篇文章中看到了这一点,尝试过,但没有帮助…:(确切地说,是什么解决了它?!用这个就行了configuration@CodeCaster:此问题比链接的问题旧。是否仍应将其标记为副本?我可以复制/粘贴解决方案,但这似乎没有意义。另一个问题似乎比此问题有更好的答案。我将关闭此问题。
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="DPSSLXDIG">
<clientCredentials supportInteractive="false">
<clientCertificate findValue="clientcert" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="servercert" storeName="TrustedPeople" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</serviceCertificate>
<windows allowNtlm="false" allowedImpersonationLevel="None" />
<httpDigest impersonationLevel="None" />
<peer>
<peerAuthentication revocationMode="NoCheck" />
</peer>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="DPSSLXDIG">
<textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
<security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
requireDerivedKeys="false" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireSecurityContextCancellation="false">
<secureConversationBootstrap />
</security>
<httpsTransport authenticationScheme="Anonymous" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://myserver/webservice.asmx"
behaviorConfiguration="DPSSLXDIG" binding="customBinding"
bindingConfiguration="DPSSLXDIG" contract="serviceRef.smssoap"
name="smsEndpoint">
<identity>
<dns value="servercert" />
</identity>
</endpoint>
</client>
</system.serviceModel>