C#:使用证书的 WCF net.tcp,客户端连接服务器失败
我的WCF服务的安全模式设置为Message,clientCredentialType设置为Certificate。 尝试连接时,出现以下异常: 异常消息:无法满足安全令牌请求,因为身份验证失败。 以下是WCF日志: X.509证书 CN=Client.Product.local, O=My Company Ltd, OU="", S="", L="", C=""; 7C02D26E1C59558A51C3CDC02CB36C280E50BA24 的证书链构建失败。所使用的证书的信任链无法验证。请更换证书或更改 certificateValidationMode。吊销功能无法检查证书的吊销状态。 (标签:c#, wcf, certificate) 以下是相关代码: //服务器设置
<!-- Message-level security: protection is applied to the messages themselves rather than to the net.tcp transport. -->
<security mode="Message">
<!-- The client must present an X.509 certificate; the WCF log quoted above shows the service rejecting it because its trust chain could not be built. -->
<message clientCredentialType="Certificate"/>
</security>
/// <summary>
/// Server side: hosts ReconstructionService on net.tcp://localhost:8632/TestService and
/// assigns the service certificate before opening the host.
/// </summary>
/// <remarks>
/// The snippet is an excerpt: the try block has no catch/finally here and no endpoint or
/// binding is added in code, so presumably those come from configuration (confirm).
/// </remarks>
public void Init()
{
Uri baseAddress = new Uri("net.tcp://localhost:8632/TestService");
ServiceHost host = new ServiceHost(typeof(ReconCommService.ReconstructionService),new Uri[] { baseAddress } );
try
{
// ServerCert() returns null when no certificate matches, so a missing certificate is
// only noticed later, not at this assignment.
// NOTE(review): only the service's own certificate is configured here. How the service
// validates the *client* certificate (host.Credentials.ClientCertificate.Authentication:
// CertificateValidationMode / RevocationMode) is not set in this snippet. The logged
// chain-building failure for CN=Client.Product.local is that validation rejecting the
// client certificate. The durable fix is to make the issuing CA trusted on the server
// and its revocation data reachable; turning validation off removes the authentication
// the certificate is supposed to provide.
host.Credentials.ServiceCertificate.Certificate = CertificateManager.VCertificate.CertifciateOf.ServerCert();
host.Open();
Console.WriteLine("The service is ready at {0}", baseAddress);
}
}
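/// <summary>
/// Looks up the service certificate in the LocalMachine\My store by its full subject
/// distinguished name.
/// </summary>
/// <returns>
/// The first certificate whose subject matches, or <c>null</c> when the store holds no match.
/// </returns>
public X509Certificate2 ServerCert()
{
    const string subjectDn = "CN=Server.Product.local, O=My Company Ltd, OU=\"\", S=\"\", L=\"\", C=\"\"";

    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    //var store = new X509Store("Product", StoreLocation.LocalMachine);
    try
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly is false: expired or untrusted certificates are returned as well, and
        // if several certificates share this subject the first one wins. Selecting by
        // thumbprint would be unambiguous; kept as-is so existing callers see no change.
        var matches = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectDn, false);
        return matches.Count == 0 ? null : matches[0];
    }
    finally
    {
        // The store handle was previously never released. The returned X509Certificate2
        // stays usable after the store is closed.
        store.Close();
    }
}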
公共void Init()
{
Uri baseAddress=新的Uri(“净”。tcp://localhost:8632/TestService");
ServiceHost主机=新的ServiceHost(typeof(ReconCommService.ReconstructionService),新的Uri[]{baseAddress});
尝试
{
host.Credentials.ServiceCertificate.Certificate=CertificateManager.VCertificate.CertificateOf.ServerCert();
host.Open();
WriteLine(“服务在{0}处准备就绪”,基地址);
}
}
公共X509Certificate2服务器证书()
{
var store=new X509Store(StoreName.My,StoreLocation.LocalMachine);
//var store=new X509Store(“产品”,StoreLocation.LocalMachine);
打开(OpenFlags.ReadOnly);
var certCollection=store.Certificates;
var cn=“cn=Server.Product.local,O=My Company Ltd,OU=\“\”,S=\“\”,L=\“\”,C=\“\”;
var currentCerts=certCollection.Find(X509FindType.findbysubjectdifferentiedname,cn,false);
返回currentCerts.Count==0?空:currentCerts[0];
}
//客户端设置
/// <summary>
/// Client side: builds the NetTcpBinding (message security, certificate client credential,
/// reliable session), creates the duplex channel factory and attaches the client certificate.
/// </summary>
public void Init()
{
    binding = new NetTcpBinding();
    binding.Name = "NetTcpBindingEndpoint";

    // NOTE(review): every size limit and reader quota below is int.MaxValue, which removes
    // WCF's protection against oversized or deeply nested messages from the peer. Size these
    // to the largest legitimate payload instead.
    binding.MaxBufferSize = int.MaxValue;
    binding.MaxReceivedMessageSize = int.MaxValue;

    binding.ReceiveTimeout = TimeSpan.FromHours(5);
    binding.OpenTimeout = TimeSpan.FromSeconds(10);
    binding.SendTimeout = connectionTimeout;
    binding.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;

    var quotas = binding.ReaderQuotas;
    quotas.MaxDepth = int.MaxValue;
    quotas.MaxStringContentLength = int.MaxValue;
    quotas.MaxArrayLength = int.MaxValue;
    quotas.MaxBytesPerRead = int.MaxValue;
    quotas.MaxNameTableCharCount = int.MaxValue;

    var session = binding.ReliableSession;
    session.InactivityTimeout = inactivityTimeout;
    session.Enabled = true;

    var security = binding.Security;
    security.Mode = SecurityMode.Message;
    security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // NOTE(review): the path here is "TestServiceService" while the server snippet listens
    // on ".../TestService" - confirm the endpoint's relative address. The address is also an
    // IP with no explicit endpoint identity, so the service certificate
    // (CN=Server.Product.local) presumably will not match the expected DNS identity - verify.
    endpointAddress = new EndpointAddress("net.tcp://127.0.0.1:8632/TestServiceService");
    factory = new DuplexChannelFactory<IReconstructionService>(ctx, binding, endpointAddress);

    // ClientCert() returns null when the certificate is not found in the store.
    factory.Credentials.ClientCertificate.Certificate = CertificateManager.VCertificate.CertifciateOf.ClientCert();
}
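/// <summary>
/// Looks up the client certificate in the LocalMachine\My store by its full subject
/// distinguished name.
/// </summary>
/// <returns>
/// The first certificate whose subject matches, or <c>null</c> when the store holds no match.
/// </returns>
public X509Certificate2 ClientCert()
{
    const string subjectDn = "CN=Client.Product.local, O=My Company Ltd, OU=\"\", S=\"\", L=\"\", C=\"\"";

    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    //var store = new X509Store("Product", StoreLocation.LocalMachine);
    try
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly is false: the lookup also returns certificates whose chain cannot be
        // verified, so a certificate the service will later reject is still handed to WCF.
        // If several certificates share this subject the first one wins.
        var matches = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectDn, false);
        return matches.Count == 0 ? null : matches[0];
    }
    finally
    {
        // The store handle was previously never released. The returned X509Certificate2
        // stays usable after the store is closed.
        store.Close();
    }
}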
// Exception occurs when try to establish connection in ->> ((IChannel)channel).EndOpen(ar)
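/// <summary>
/// Creates a channel from the factory, opens it with the binding's OpenTimeout as the upper
/// bound, stores it in <c>myChannel</c> and returns it.
/// </summary>
/// <exception cref="TimeoutException">The channel did not open within OpenTimeout.</exception>
public IReconstructionService CLientProxy
{
    get
    {
        // Upgrade the legacy process default (SSL 3.0 | TLS 1.0) only. The original followed
        // this with an unconditional assignment that re-enabled SecurityProtocolType.Ssl3 for
        // the whole process. SSL 3.0 is a broken protocol, so that override is removed.
        // TLS 1.0/1.1 are deprecated too and should be dropped once all peers allow it.
        // NOTE(review): this setting presumably has no bearing on the certificate failure,
        // since the binding uses message security rather than TLS - confirm.
        if (System.Net.ServicePointManager.SecurityProtocol == (SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls))
        {
            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
        }

        // --- This is a workaround for reducing the connection timeouts without touching the sendTimeout
        IReconstructionService channel = factory.CreateChannel();
        var opening = (IChannel)channel;
        try
        {
            var ar = opening.BeginOpen(null, null);
            if (!ar.AsyncWaitHandle.WaitOne(factory.Endpoint.Binding.OpenTimeout, true))
            {
                throw new TimeoutException("Service is not available");
            }

            // The authentication failure reported in the question is raised from this call.
            opening.EndOpen(ar);
        }
        catch
        {
            // A channel that timed out or failed to open was previously left behind. Abort it
            // so its resources are released, then let the original exception propagate.
            opening.Abort();
            throw;
        }

        myChannel = channel;
        return channel;
    }
}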
public void Init()
{
binding=新的NetTcpBinding();
binding.Name=“nettcbindingEndpoint”;
binding.MaxBufferSize=int.MaxValue;
binding.MaxReceivedMessageSize=int.MaxValue;
binding.ReceiveTimeout=新的时间跨度(5,0,0);
binding.OpenTimeout=newtimespan(0,0,10);
binding.SendTimeout=connectionTimeout;
binding.HostNameComparisonMode=HostNameComparisonMode.strong通配符;
binding.ReaderQuotas.MaxDepth=int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength=int.MaxValue;
binding.ReaderQuotas.MaxArrayLength=int.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead=int.MaxValue;
binding.ReaderQuotas.MaxNameTableCharCount=int.MaxValue;
binding.ReliableSession.InactivityTimeout=InactivityTimeout;
binding.ReliableSession.Enabled=true;
binding.Security.Mode=SecurityMode.Message;
binding.Security.Message.ClientCredentialType=MessageCredentialType.Certificate;
string uriStr=“net。tcp://127.0.0.1:8632/TestServiceService";
endpointAddress=新的endpointAddress(uriStr);
工厂=新的DuplexChannelFactory(ctx、绑定、端点地址);
factory.Credentials.ClientCertificate.Certificate=CertificateManager.VCertificate.CertificateOf.ClientCert();
}
公共X509Certificate2客户端证书()
{
var store=new X509Store(StoreName.My,StoreLocation.LocalMachine);
//var store=new X509Store(“产品”,StoreLocation.LocalMachine);
打开(OpenFlags.ReadOnly);
var certCollection=store.Certificates;
var cn=“cn=Client.Product.local,O=My Company Ltd,OU=\“\”,S=\“\”,L=\“\”,C=\“\”;
var currentCerts=certCollection.Find(X509FindType.findbysubjectdifferentiedname,cn,false);
返回currentCerts.Count==0?空:currentCerts[0];
}
//尝试在->>((IChannel)通道中建立连接时发生异常
公共IReconstructionService客户端代理
{
得到
{
if(System.Net.ServicePointManager.SecurityProtocol==(SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls))
System.Net.ServicePointManager.SecurityProtocol=SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
System.Net.ServicePointManager.SecurityProtocol=SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
//---这是一种在不接触sendTimeout的情况下减少连接超时的解决方法
IReconstructionService通道=工厂.CreateChannel();
var ar=((IChannel)channel.beginpoen(null,null);
if(!ar.AsyncWaitHandle.WaitOne(factory.Endpoint.Binding.OpenTimeout,true))
{
抛出新的TimeoutException(“服务不可用”);
}
((IChannel)频道).endoin(ar);这可能是由于您的证书存在问题。存在类似问题,您可以参考它: