C# 安全的自托管WCF服务:从文件加载证书
我有一个发布RESTWebAPI的自托管WCF服务。该服务是以编程方式配置的,当前通过HTTP正常工作。 现在我需要让它在HTTPS上工作,并基于证书文件进行身份验证。 我知道建议的方法是在服务器计算机上的Windows证书存储中安装证书,但在我的情况下,这种方法是不可能的。 我需要从文件中加载证书 经过一些研究,我编写了代码,但当我尝试访问web服务时,抛出System.ServiceModel.CommunicationException,并显示以下消息: 向…发出HTTP请求时出错。。。这可能是因为在HTTPS情况下,服务器证书未正确配置为HTTP.SYS。这也可能是由于客户端和服务器之间的安全绑定不匹配造成的 以下是我的服务器端代码:C# 安全的自托管WCF服务:从文件加载证书,c#,rest,wcf,https,C#,Rest,Wcf,Https,我有一个发布RESTWebAPI的自托管WCF服务。该服务是以编程方式配置的,当前通过HTTP正常工作。 现在我需要让它在HTTPS上工作,并基于证书文件进行身份验证。 我知道建议的方法是在服务器计算机上的Windows证书存储中安装证书,但在我的情况下,这种方法是不可能的。 我需要从文件中加载证书 经过一些研究,我编写了代码,但当我尝试访问web服务时,抛出System.ServiceModel.CommunicationException,并显示以下消息: 向…发出HTTP请求时出错。。。这
_host = new WebServiceHost(_hostedService, Uri);
//Configuring the webHttpBinding settings
var httpBinding = new WebHttpBinding();
httpBinding.Security.Mode = WebHttpSecurityMode.Transport;
httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
httpBinding.SendTimeout = new TimeSpan(0, 5, 0);
httpBinding.MaxBufferSize = 2147483647;
httpBinding.MaxBufferPoolSize = 2147483647;
httpBinding.MaxReceivedMessageSize = 2147483647;
httpBinding.ReaderQuotas.MaxDepth = 2147483647;
httpBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
httpBinding.ReaderQuotas.MaxArrayLength = 2147483647;
httpBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
httpBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
//Add the endpoint with the webHttpBinding settings to the WebServiceHost configuration
_host.AddServiceEndpoint(typeof(IService), httpBinding, Uri);
ServiceDebugBehavior stp = _host.Description.Behaviors.Find<ServiceDebugBehavior>();
stp.HttpHelpPageEnabled = false;
ServiceBehaviorAttribute sba = _host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
sba.InstanceContextMode = InstanceContextMode.Single;
ServiceMetadataBehavior smb = new ServiceMetadataBehavior() { HttpsGetEnabled = true };
_host.Description.Behaviors.Add(smb);
X509Certificate2 trustedCertificate = new X509Certificate2("certificate.pfx", "password");
_host.Credentials.ServiceCertificate.Certificate = trustedCertificate;
_host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
\u host=新的WebServiceHost(\u hostedService,Uri);
//配置webHttpBinding设置
var httpBinding=新的WebHttpBinding();
httpBinding.Security.Mode=WebHttpSecurityMode.Transport;
httpBinding.Security.Transport.ClientCredentialType=HttpClientCredentialType.Certificate;
httpBinding.SendTimeout=新的时间跨度(0,5,0);
httpBinding.MaxBufferSize=2147483647;
httpBinding.MaxBufferPoolSize=2147483647;
httpBinding.MaxReceivedMessageSize=2147483647;
httpBinding.ReaderQuotas.MaxDepth=2147483647;
httpBinding.ReaderQuotas.MaxStringContentLength=2147483647;
httpBinding.ReaderQuotas.MaxArrayLength=2147483647;
httpBinding.ReaderQuotas.MaxBytesPerRead=2147483647;
httpBinding.ReaderQuotas.MaxNameTableCharCount=2147483647;
//将具有webHttpBinding设置的端点添加到WebServiceHost配置中
_AddServiceEndpoint(typeof(IService),httpBinding,Uri);
ServiceDebugBehavior stp=_host.Description.Behaviors.Find();
stp.HttpHelpPageEnabled=false;
ServiceBehaviorAttribute sba=_host.Description.Behaviors.Find();
sba.InstanceContextMode=InstanceContextMode.Single;
ServiceMetadataBehavior smb=新ServiceMetadataBehavior(){HttpsGetEnabled=true};
_host.Description.Behaviors.Add(smb);
X509Certificate2 trustedCertificate=新的X509Certificate2(“certificate.pfx”、“密码”);
_host.Credentials.ServiceCertificate.Certificate=trustedCertificate;
_host.Credentials.ClientCertificate.Authentication.CertificateValidationMode=X509CertificateValidationMode.None;
var httpBinding = new WebHttpBinding();
httpBinding.Security.Mode = WebHttpSecurityMode.Transport;
httpBinding.Security.Transport = new HttpTransportSecurity() { ClientCredentialType = HttpClientCredentialType.Certificate };
var httpUri = new Uri(String.Format("https://{0}:{1}", ipAddress, tcpPort));
var httpEndpoint = new EndpointAddress(httpUri);
var newFactory = new ChannelFactory<IService>(httpBinding, httpEndpoint);
newFactory.Endpoint.Behaviors.Add(new WebHttpBehavior());
X509Certificate2 trustedCertificate = new X509Certificate2("certificate.pfx", "password"); //SSL
newFactory.Credentials.ClientCertificate.Certificate = trustedCertificate;
var channel = newFactory.CreateChannel();
var response = channel.Ping("helo");
var-httpBinding=new-WebHttpBinding();
httpBinding.Security.Mode=WebHttpSecurityMode.Transport;
httpBinding.Security.Transport=new HttpTransportSecurity(){ClientCredentialType=HttpClientCredentialType.Certificate};
var httpUri=新Uri(String.Format(“https://{0}:{1}”,ipAddress,tcpPort));
var httpEndpoint=新端点地址(httpUri);
var newFactory=newchannelfactory(httpBinding,httpEndpoint);
newFactory.Endpoint.Behaviors.Add(newWebHttpBehavior());
X509Certificate2 trustedCertificate=新的X509Certificate2(“certificate.pfx”、“密码”)//SSL
newFactory.Credentials.ClientCertificate.Certificate=trustedCertificate;
var channel=newFactory.CreateChannel();
var响应=通道Ping(“helo”);
再见。据我所知,当我们通过Https托管自托管WCF服务时,无论我们使用何种方式(加载证书文件或通过Windows证书存储配置证书),都无法使该服务正常工作。我们需要做的唯一方法是使用以下命令手动绑定证书
netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
以下是我曾经写过的一些例子。
如果有什么我可以帮忙的,请随时告诉我。这正是我所担心的。。。非常感谢。还有一个问题:我如何知道我的certificate.pfx文件的certhash?certhash参数是证书的指纹,您可以通过编程或证书属性(安装,并在Windows证书存储中检查)获取它。X509Certificate2证书=新的X509Certificate2(“1.pfx”,“123456”);控制台写入线(证书指纹);顺便说一下,您提供的方法用于保护http上的通信,例如,如果我们要设置自定义用户名/密码身份验证,则需要使用上述方法提供证书来实现该功能。此外,如果我们在IIS中通过https托管服务,IIS绑定可以帮助我们绑定证书。netsh http add sslcert ipport=0.0.0.0:8000 certhash=。。。appid={…}似乎仅在证书进入证书存储时有效。。。否则我有错误1312。。。似乎我的任何需求都无法实现…:(