C# WCF: setting up a service and client for the OASIS WS 1.1 X509 Certificate Token Profile


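I want to set up a module that will act as both a service and a client for remote communication with other modules. The communication should take place over SOAP 1.2 and should use OASIS WSS 1.1 with the X.509 Certificate Token Profile.

I have created a development certificate using makecert, and it is already trusted.

Since the module is basically C#-based, all settings are given in code. So far I have the following service code:

Code for the binding: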

System.ServiceModel.Channels.AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement();
asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;

asbe.InitiatorTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
asbe.RecipientTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
asbe.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;

asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
asbe.EnableUnsecuredResponse = true;
asbe.IncludeTimestamp = false;
asbe.SetKeyDerivation(false);
asbe.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
asbe.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
asbe.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());

CustomBinding myBinding = new CustomBinding();
myBinding.Elements.Add(asbe);
myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12, Encoding.UTF8));

HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
httpsBindingElement.RequireClientCertificate = true;
myBinding.Elements.Add(httpsBindingElement);

Code for the behaviors:

//Then initiate the service host
_Host = new ServiceHost(typeof(TClass), baseAddress);

//Add the service endpoint we defined
_Host.AddServiceEndpoint(typeof(TInterface), _Binding, typeof(TInterface).ToString());//BindingHelper.GetUserNameBinding(), "");
//Set searching the certificate
_Host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "MyServerCert");
_Host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
_Host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
//Allow the metadata spreading
ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpsGetEnabled = true;
smb.HttpGetEnabled = true;
_Host.Description.Behaviors.Add(smb);
ServiceDebugBehavior sdb = new ServiceDebugBehavior();
sdb.IncludeExceptionDetailInFaults = false; //Should only provide the endpoint property (GP WS-Message profile specs)
//Add the appropriate endpoint
if (baseAddress.AbsoluteUri.Contains("https"))
    _Host.AddServiceEndpoint(
        typeof(IMetadataExchange),
        MetadataExchangeBindings.CreateMexHttpsBinding(),
        "mex");
else
    _Host.AddServiceEndpoint(
        typeof(IMetadataExchange),
        MetadataExchangeBindings.CreateMexHttpBinding(),
        "mex");

On the client side, I use the same code to create the binding, and the following behavior:

channelFactory = new ChannelFactory<T>(bindIn, serviceAddress);
if (wsFeature != null)
{
    channelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
    channelFactory.Endpoint.Behaviors.Add(wsFeature);
    channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "MyServerCert");
    channelFactory.Credentials.ServiceCertificate.SetScopedCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "MyServerCert", serviceAddress.Uri);
}
_ProxiObject = channelFactory.CreateChannel();
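
Here, the behavior wsFeature is basically a simple class that actually does nothing (it only implements the IEndpointBehavior functions as blanks). I have both the service and the client on the same machine, and even though both the service and the client are created successfully, I only receive the famous "An error occurred while making the HTTP request to …" error.

I have already managed to connect and exchange messages with the module over an unsecured channel (BasicHttpBinding, no security), so I am sure that I am making a mistake either in defining the binding or in assigning the credentials. Obviously, I have searched here many times but did not find a working solution. This is my first encounter with WCF and X509, and I have no experience with secure communication either. There are plenty of chances to make mistakes. Please point out the ones I have made. Thank you all!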
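
Separately from the HTTP error asked about, the posted configuration switches off certificate validation, revocation checking and the security timestamp, and accepts unsecured responses. The following is an added example, not code from the original post, showing those same settings in their validating form; the class and method names and the subject name `MyClientCert` are hypothetical, and it assumes the peer modules accept the Basic256Sha256 suite and that the certificates come from a CA that publishes revocation data.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Hypothetical helper (added example); call each method where the posted
// code currently sets the corresponding properties.
static class HardenedWssSettings
{
    // Message-security settings; must be identical on service and client.
    public static void ApplyToBinding(AsymmetricSecurityBindingElement asbe)
    {
        // Posted value: true. Reject replies that carry no message security.
        asbe.EnableUnsecuredResponse = false;
        // Posted value: false. A signed wsu:Timestamp bounds message lifetime.
        asbe.IncludeTimestamp = true;
        // Posted value: Basic128Rsa15 (SHA-1 digests, PKCS#1 v1.5 key wrap).
        asbe.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
    }

    // Service side: how client certificates are validated.
    public static void ApplyToService(ServiceHost host)
    {
        var auth = host.Credentials.ClientCertificate.Authentication;
        // Posted value: None, which accepts any certificate the client sends.
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        // Posted value: NoCheck. Online needs reachable revocation data, so
        // confine NoCheck to builds that run on development certificates.
        auth.RevocationMode = X509RevocationMode.Online;
        auth.TrustedStoreLocation = StoreLocation.LocalMachine;
    }

    // Client side: own identity plus validation of the service certificate.
    public static void ApplyToClient(ClientCredentials credentials)
    {
        // The posted client loads "MyServerCert" as its own certificate, which
        // requires the server's private key on the client machine.
        // "MyClientCert" is a constructed placeholder for a separate client cert.
        credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "MyClientCert");

        var auth = credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
    }
}
```

These settings do not address the connection error itself; they only change what each side accepts once the channel is working.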