Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/wcf/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# wcf UserNamePasswordValidator类和客户端证书_C#_Wcf_Ssl - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# wcf UserNamePasswordValidator类和客户端证书

C# wcf UserNamePasswordValidator类和客户端证书

c# wcf ssl

C# wcf UserNamePasswordValidator类和客户端证书,c#,wcf,ssl,C#,Wcf,Ssl,我在wcf中使用了自定义用户名密码验证器进行安全实现。为此,我创建了自签名证书。在尝试使用web服务时,我遇到了以下错误“无法为具有权限的SSL/TLS安全通道建立信任关系”。在谷歌搜索了一段时间后,我发现需要在客户端安装证书。所以我的问题是 1) Is it always required to install certificate on the client even if we used trusted third party? 2) Is it possible to implemen

我在wcf中使用了自定义用户名密码验证器进行安全实现。为此,我创建了自签名证书。在尝试使用web服务时,我遇到了以下错误“无法为具有权限的SSL/TLS安全通道建立信任关系”。在谷歌搜索了一段时间后,我发现需要在客户端安装证书。所以我的问题是

1) Is it always required to install certificate on the client even if we used trusted third party?
2) Is it possible to implement UserNamePassword without any certificate?
问题1

不,这不是必需的

在服务器端,您应该添加这样的行为

<behavior name="SecureBehavior">
  <serviceMetadata httpGetEnabled="true" />  
  <serviceCredentials>
    <!-- 
    The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.                  
    -->
    <userNameAuthentication userNamePasswordValidationMode="Custom"
                            customUserNamePasswordValidatorType="[Your.Custom.WCFUserValidator], [AssemblyName]"/>
    <!-- 
    The serviceCredentials behavior allows one to define a service certificate.
    A service certificate is used by a client to authenticate the service and provide message protection.
    This configuration references the "localhost" certificate installed during the setup instructions.
    -->
    <serviceCertificate findValue="[certificateName]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
  </serviceCredentials>
</behavior>
然后将行为添加到服务器端点

<service name="[serviceName]" behaviorConfiguration="SecureBehavior">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsSecureConfig"
                  contract="[ContractName]" />
        <endpoint address="/MEX" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
在客户端,您可以在配置文件中设置服务证书的公共部分,如下所示:

<endpoint address="http://..."
        binding="wsHttpBinding"
        contract="..."
        name="serviceName">
      <identity>
        <certificate encodedValue="[Encoded Value]" />
      </identity>
    </endpoint>
获取客户端配置的简单方法是通过VisualStudio(添加服务引用上下文菜单)向客户端项目中的服务添加服务引用。这将添加一个配置文件,其中客户端端点已准备好使用

问题2

如果使用自定义身份验证,则必须将客户端凭据类型设置为UserName。这允许将用户名和密码提交到服务以执行身份验证。是的,您必须使用证书。

上面的配置在Web服务中,对吗?我的意思是如何添加endcoded值我尝试了,但没有得到编码值