C# 使用企业CA的WCF SSL证书
对于应用程序,我需要WCF服务的SSL证书 所以我们安装了它。如果我使用带有https的web浏览器的internet浏览器,我没有问题,没有警告,什么都没有,所以我认为此证书对windows有效 问题是,当我尝试连接到WCF服务器时,出现以下错误: L=MyLocation,S=SO,C=CH链构建失败。证明 使用的具有无法验证的信任链。替换 认证或更改certificateValidationMode。撤销 函数无法检查吊销,因为吊销服务器 他离线了 有什么不对劲?我如何知道链的哪一部分是无效的?有没有办法知道缺失的部分是什么 这是我的密码 服务器:C# 使用企业CA的WCF SSL证书,c#,wcf,ssl,certificate-authority,ca,C#,Wcf,Ssl,Certificate Authority,Ca,对于应用程序,我需要WCF服务的SSL证书 所以我们安装了它。如果我使用带有https的web浏览器的internet浏览器,我没有问题,没有警告,什么都没有,所以我认为此证书对windows有效 问题是,当我尝试连接到WCF服务器时,出现以下错误: L=MyLocation,S=SO,C=CH链构建失败。证明 使用的具有无法验证的信任链。替换 认证或更改certificateValidationMode。撤销 函数无法检查吊销,因为吊销服务器 他离线了 有什么不对劲?我如何知道链的哪一部分是无
ServiceHost myHost = new ServiceHost(typeof(MyService));
WSHttpBinding binding = new WSHttpBinding
{
ReaderQuotas = { MaxStringContentLength = int.MaxValue, MaxArrayLength = int.MaxValue, MaxDepth = int.MaxValue, MaxBytesPerRead = int.MaxValue, MaxNameTableCharCount = int.MaxValue },
MaxReceivedMessageSize = int.MaxValue
};
TimeSpan timeoutSpan = TimeSpan.FromMilliseconds(timeout);
binding.CloseTimeout = timeoutSpan;
binding.OpenTimeout = timeoutSpan;
binding.ReceiveTimeout = timeoutSpan;
binding.SendTimeout = timeoutSpan;
binding.ReliableSession.InactivityTimeout = timeoutSpan;
binding.MaxBufferPoolSize = int.MaxValue;
//we set the security type
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
//we set the server's certificate
myHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, ConfigurationManager.AppSettings["Hostname"]);
myHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
//we add the endPoint(and we indicate which methods are exposed through the interface
myHost.AddServiceEndpoint(services[port], binding, String.Format("http://localhost:{0}", port));
//Some services doesn't need an authentication
if (!servicesWithoutAuth.Contains(services[port]))
{
//We set the authentifier:
myHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
myHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameValidator();
myHost.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
//we set the AuthorizationPolicy
List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy> { new CustomAuthorizationPolicy() };
myHost.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();
}
else
{
//We set the authentifier:
myHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
myHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new NoUserNamePasswordValidator();
}
//We bypass the certificate verification(our certificate is only self signed)
//HACK Only to desactivate the SSL check:
ServicePointManager.ServerCertificateValidationCallback += ValidateCertificate;
//HACK: Remove when debug finished
private static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
return true;
}
ServiceHost myHost=newservicehost(typeof(MyService));
WSHttpBinding=新的WSHttpBinding
{
ReaderQuotas={MaxStringContentLength=int.MaxValue,MaxArrayLength=int.MaxValue,MaxDepth=int.MaxValue,MaxBytesPerRead=int.MaxValue,MaxNameTableCharCount=int.MaxValue},
MaxReceivedMessageSize=int.MaxValue
};
TimeSpan timeoutSpan=TimeSpan.fromMillimes(超时);
binding.CloseTimeout=timeoutSpan;
binding.OpenTimeout=timeoutSpan;
binding.ReceiveTimeout=timeoutSpan;
binding.SendTimeout=timeoutSpan;
binding.ReliableSession.InactivityTimeout=timeoutSpan;
binding.MaxBufferPoolSize=int.MaxValue;
//我们设置了安全类型
binding.Security.Mode=SecurityMode.Message;
binding.Security.Message.ClientCredentialType=MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType=HttpClientCredentialType.None;
//我们设置了服务器的证书
myHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,StoreName.My,X509FindType.FindBySubjectName,ConfigurationManager.AppSettings[“主机名]);
myHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode=X509CertificateValidationMode.None;
//我们添加端点(并指出哪些方法是通过接口公开的)
myHost.AddServiceEndpoint(服务[端口],绑定,字符串.Format(“http://localhost:{0}(端口));
//有些服务不需要身份验证
如果(!servicesWithoutAuth.Contains(服务[端口])
{
//我们设置authentifier:
myHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode=UserNamePasswordValidationMode.Custom;
myHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator=新的CustomUserNameValidator();
myHost.Authorization.PrincipalPermissionMode=PrincipalPermissionMode.Custom;
//我们制定了授权政策
列表策略=新列表{new CustomAuthorizationPolicy()};
myHost.Authorization.ExternalAuthorizationPolicies=policies.AsReadOnly();
}
其他的
{
//我们设置authentifier:
myHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode=UserNamePasswordValidationMode.Custom;
myHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator=新的NoUserNamePasswordValidator();
}
//我们绕过了证书验证(我们的证书只是自签名的)
//HACK仅用于解除SSL检查的激活:
ServicePointManager.ServerCertificateValidationCallback+=ValidateCertificate;
//HACK:调试完成后删除
私有静态bool ValidateCertificate(对象发送方、X509Certificate证书、X509Chain链、SslPolicyErrors SslPolicyErrors)
{
返回true;
}
// the remote adress is of the form "net.tcp://localhost:8000"
string remoteAddress = String.Format("{0}://{1}:{2}", Tools.GetDescription(accessInfo.ServiceHost.Protocol), accessInfo.ServiceHost.HostName, accessInfo.PortNumber);
// HACK: binding depends on protocol -> switch over accessInfo.ServiceHost.Protocol
// avoid seralization/deserialization problems with large XML's
WSHttpBinding binding = new WSHttpBinding();
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReaderQuotas.MaxDepth = int.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
binding.ReaderQuotas.MaxNameTableCharCount = int.MaxValue;
TimeSpan timeoutSpan = DateTime.Now.AddMinutes(30) - DateTime.Now;
binding.CloseTimeout = timeoutSpan;
binding.OpenTimeout = timeoutSpan;
binding.ReceiveTimeout = timeoutSpan;
binding.SendTimeout = timeoutSpan;
binding.ReliableSession.InactivityTimeout = timeoutSpan;
//++
binding.MaxBufferPoolSize = int.MaxValue;
//we set the security type
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<TService> channelFactory = new ChannelFactory<TService>(binding, remoteAddress);
channelFactory.Credentials.UserName.UserName = ((UsernamePasswordAuthentication)authInfos).Username;
channelFactory.Credentials.UserName.Password = ((UsernamePasswordAuthentication)authInfos).Password;
//We set the maxItemsInObjectGraph
foreach (OperationDescription op in channelFactory.Endpoint.Contract.Operations)
{
DataContractSerializerOperationBehavior dataContractBehavior = op.Behaviors.Find<DataContractSerializerOperationBehavior>();
if (dataContractBehavior != null)
{
dataContractBehavior.MaxItemsInObjectGraph = int.MaxValue;
}
}
SamlSecurityTokenAuthenticator authenticator = new SamlSecurityTokenAuthenticator(new List<SecurityTokenAuthenticator>(new SecurityTokenAuthenticator[] { new RsaSecurityTokenAuthenticator(), new X509SecurityTokenAuthenticator(X509CertificateValidator.None) }), TimeSpan.FromDays(5));
_service = channelFactory.CreateChannel();
//远程地址的形式为“net”。tcp://localhost:8000"
string remoteAddress=string.Format(“{0}://{1}:{2}”,Tools.GetDescription(accessInfo.ServiceHost.Protocol),accessInfo.ServiceHost.HostName,accessInfo.PortNumber);
//HACK:绑定取决于协议->切换accessInfo.ServiceHost.protocol
//避免大型XML的序列化/反序列化问题
WSHttpBinding=新的WSHttpBinding();
binding.ReaderQuotas.MaxStringContentLength=int.MaxValue;
binding.ReaderQuotas.MaxArrayLength=int.MaxValue;
binding.MaxReceivedMessageSize=int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength=int.MaxValue;
binding.ReaderQuotas.MaxArrayLength=int.MaxValue;
binding.ReaderQuotas.MaxDepth=int.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead=int.MaxValue;
binding.ReaderQuotas.MaxNameTableCharCount=int.MaxValue;
TimeSpan timeoutSpan=DateTime.Now.AddMinutes(30)-DateTime.Now;
binding.CloseTimeout=timeoutSpan;
binding.OpenTimeout=timeoutSpan;
binding.ReceiveTimeout=timeoutSpan;
binding.SendTimeout=timeoutSpan;
binding.ReliableSession.InactivityTimeout=timeoutSpan;
//++
binding.MaxBufferPoolSize=int.MaxValue;
//我们设置了安全类型
binding.Security.Mode=SecurityMode.Message;
binding.Security.Message.ClientCredentialType=MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType=HttpClientCredentialType.None;
ChannelFactory ChannelFactory=新的ChannelFactory(绑定,远程地址);
channelFactory.Credentials.UserName.UserName=((UsernamePasswordAuthentication)authInfos);
channelFactory.Credentials.UserName.Password=((UsernamePasswordAuthentication)authInfos).Password;
//我们设置maxItemsInObjectGraph
foreach(channelFactory.Endpoint.Contract.Operations中的OperationDescription op)
{
DataContractSerializerOperationBehavior dataContractBehavior=op.Behaviors.Find();
if(dataContractBehavior!=null)
{
dataContractBehavior.MaxItemsInObjectGraph=int.MaxValue;
}
}
SamlSecurityTokenAuthenticator authenticator=新SamlSecurityTokenAuthenticator(新列表(新SecurityTokenAuthenticator[]{new RsaSecurityTokenAuthenticator(),新X509SecurityTokenAuthenticator(X509CertificateValidator.None)}),TimeSpan.FromDays(5));
_service=channelFactory.CreateChannel();
// the remote adress is of the form "net.tcp://localhost:8000"
string remoteAddress = String.Format("{0}://{1}:{2}", Tools.GetDescription(accessInfo.ServiceHost.Protocol), accessInfo.ServiceHost.HostName, accessInfo.PortNumber);
// HACK: binding depends on protocol -> switch over accessInfo.ServiceHost.Protocol
// avoid seralization/deserialization problems with large XML's
WSHttpBinding binding = new WSHttpBinding();
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReaderQuotas.MaxDepth = int.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
binding.ReaderQuotas.MaxNameTableCharCount = int.MaxValue;
TimeSpan timeoutSpan = DateTime.Now.AddMinutes(30) - DateTime.Now;
binding.CloseTimeout = timeoutSpan;
binding.OpenTimeout = timeoutSpan;
binding.ReceiveTimeout = timeoutSpan;
binding.SendTimeout = timeoutSpan;
binding.ReliableSession.InactivityTimeout = timeoutSpan;
//++
binding.MaxBufferPoolSize = int.MaxValue;
//we set the security type
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<TService> channelFactory = new ChannelFactory<TService>(binding, remoteAddress);
channelFactory.Credentials.UserName.UserName = ((UsernamePasswordAuthentication)authInfos).Username;
channelFactory.Credentials.UserName.Password = ((UsernamePasswordAuthentication)authInfos).Password;
//We set the maxItemsInObjectGraph
foreach (OperationDescription op in channelFactory.Endpoint.Contract.Operations)
{
DataContractSerializerOperationBehavior dataContractBehavior = op.Behaviors.Find<DataContractSerializerOperationBehavior>();
if (dataContractBehavior != null)
{
dataContractBehavior.MaxItemsInObjectGraph = int.MaxValue;
}
}
SamlSecurityTokenAuthenticator authenticator = new SamlSecurityTokenAuthenticator(new List<SecurityTokenAuthenticator>(new SecurityTokenAuthenticator[] { new RsaSecurityTokenAuthenticator(), new X509SecurityTokenAuthenticator(X509CertificateValidator.None) }), TimeSpan.FromDays(5));
_service = channelFactory.CreateChannel();