如何在客户端和服务器上使用嵌入式证书设置自托管https WCF服务?_Https_Wcf - Fatal编程技术网

如何在客户端和服务器上使用嵌入式证书设置自托管https WCF服务?

如何在客户端和服务器上使用嵌入式证书设置自托管https WCF服务?,https,wcf,Https,Wcf,我正在创建一个简单的WCF服务来接收崩溃报告 该服务将作为控制台程序自托管运行,并且必须在不安装任何证书的情况下运行 安全方面,我需要确保客户端发送的数据只发送到我们的服务器,并且数据不会被截获。从服务器的角度来看,我还希望确保连接的客户机使用特定的证书(嵌入在客户机程序集中)来阻止滥用服务 我已经创建了一个自签名证书,并计划将.cer(包含证书的公共部分)嵌入到客户端程序集中,并将包含带有私钥的证书的PFX嵌入到服务主机程序集中。(我相信我可以使用一个证书) 我的问题是,无论如何设置,我都会出

我正在创建一个简单的WCF服务来接收崩溃报告

该服务将作为控制台程序自托管运行,并且必须在不安装任何证书的情况下运行

安全方面,我需要确保客户端发送的数据只发送到我们的服务器,并且数据不会被截获。从服务器的角度来看,我还希望确保连接的客户机使用特定的证书(嵌入在客户机程序集中)来阻止滥用服务

我已经创建了一个自签名证书,并计划将.cer(包含证书的公共部分)嵌入到客户端程序集中,并将包含带有私钥的证书的PFX嵌入到服务主机程序集中。(我相信我可以使用一个证书)

我的问题是,无论如何设置,我都会出现以下错误:

“向 [服务地址] 发出 HTTP 请求时出错。这可能是因为在 HTTPS 情况下,服务器证书未在 HTTP.SYS 中正确配置。这也可能是由于客户端和服务器之间的安全绑定不匹配造成的。”

绑定之间不应存在不匹配,因为它们是使用相同的代码创建的:

/// <summary>
/// Builds the BasicHttpBinding that both the client and the self-hosted service use:
/// HTTPS transport security, streamed requests and MTOM message encoding.
/// </summary>
/// <returns>The configured binding.</returns>
public static BasicHttpBinding CreateStreamingBinding() {
  BasicHttpBinding streamBinding = new BasicHttpBinding();
  // Only the request direction is streamed.
  streamBinding.TransferMode = TransferMode.StreamedRequest;
  // NOTE(review): long.MaxValue removes any ceiling on the request size. Together with
  // the one-day timeouts below, a service that accepts uploads from arbitrary clients
  // has no resource limit; a finite cap sized for a crash report would be safer.
  streamBinding.MaxReceivedMessageSize = long.MaxValue;
  streamBinding.Security = new BasicHttpSecurity
  {
    Transport = new HttpTransportSecurity 
    {
      // NOTE(review): None means no client certificate is requested at transport level,
      // so the certificate assigned to ClientCredentials.ClientCertificate in CreateClient
      // is not presented. Restricting the service to clients holding a specific
      // certificate would need HttpClientCredentialType.Certificate on both sides.
      ClientCredentialType = HttpClientCredentialType.None,
      ProxyCredentialType =HttpProxyCredentialType.None
    },
    // NOTE(review): Transport mode means HTTPS. On a self-hosted service the TLS
    // handshake is handled by HTTP.SYS, which takes the server certificate from the
    // binding registered for the listening port (netsh http add sslcert), not from
    // host.Credentials -- consistent with the error text quoted in the question; confirm
    // against the deployment.
    Mode = BasicHttpSecurityMode.Transport,
  };
  streamBinding.MaxBufferSize = int.MaxValue;
  streamBinding.MessageEncoding = WSMessageEncoding.Mtom;
  // TimeSpan(days, hours, minutes, seconds, milliseconds): one day for send and receive.
  streamBinding.SendTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  streamBinding.ReceiveTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  return streamBinding;
}
/// <summary>
/// Creates the service client for ReportingServiceUri, using the binding from
/// CreateStreamingBinding and the certificate loaded from the .cer file.
/// </summary>
/// <returns>The configured client.</returns>
protected ErrorReportingServiceClient CreateClient() {
  // A .cer file carries only the public part of the certificate (no private key).
  X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.cer" );

  EndpointAddress endpointAddress = new EndpointAddress( new Uri( ReportingServiceUri ));

  ErrorReportingServiceClient client =  new ErrorReportingServiceClient( CreateStreamingBinding(), endpointAddress );
  // The embedded public certificate is registered as the expected service certificate.
  client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
  // NOTE(review): None switches validation of the service certificate off for this
  // credential. With Transport security the HTTPS server certificate is presumably
  // checked by the HTTP stack (ServicePointManager.ServerCertificateValidationCallback
  // on .NET Framework) rather than by this setting -- confirm. To send data only to the
  // intended server, compare the presented certificate's thumbprint with the embedded
  // certificate instead of disabling validation.
  client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
  // NOTE(review): this certificate has no private key, so it cannot prove the client's
  // identity, and the binding's ClientCredentialType is None, so none is requested.
  // A private key shipped inside the client assembly can be extracted by anyone who
  // has the binary; treat it as a deterrent against abuse, not as strong authentication.
  client.ClientCredentials.ClientCertificate.Certificate = cert;

  return client;
}
    // Service-host setup: load the PFX (certificate plus private key), assign it to the
    // host credentials and register the endpoint with the shared streaming binding.
    // NOTE(review): <password> is a placeholder; keep the real PFX password out of source
    // and out of the assembly where possible, since the PFX protects the private key.
    X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.pfx", <password>);
    BasicHttpBinding basicHttpBinding = CreateStreamingBinding();
    host.Credentials.ClientCertificate.Certificate = cert;
    // NOTE(review): None disables validation of client certificates, which works against
    // the goal of admitting only clients that hold the embedded certificate. A check of
    // the presented certificate against the expected one (for example
    // X509CertificateValidationMode.Custom with a validator) would enforce it -- confirm
    // how this interacts with Transport security.
    host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // NOTE(review): for HTTPS transport this certificate is presumably not the one used
    // in the TLS handshake; HTTP.SYS uses the certificate bound to the port
    // (netsh http add sslcert), which has to be present in the machine certificate store.
    // That conflicts with the "no certificate installation" requirement -- verify.
    host.Credentials.ServiceCertificate.Certificate = cert;

    host.AddServiceEndpoint( contractType, basicHttpBinding, baseAddress );

在客户端上,创建服务的代码设置如下(证书位置仅用于测试):

/// <summary>
/// Returns a BasicHttpBinding configured for HTTPS transport security, streamed
/// requests and MTOM encoding; CreateClient and the host setup both call it.
/// </summary>
public static BasicHttpBinding CreateStreamingBinding() {
  BasicHttpBinding streamBinding = new BasicHttpBinding();
  streamBinding.TransferMode = TransferMode.StreamedRequest;
  // NOTE(review): unbounded message size; with the one-day timeouts below the endpoint
  // has no resource limit. Prefer a finite cap for an endpoint open to any client.
  streamBinding.MaxReceivedMessageSize = long.MaxValue;
  streamBinding.Security = new BasicHttpSecurity
  {
    Transport = new HttpTransportSecurity 
    {
      // NOTE(review): with None no client certificate is requested over HTTPS, so the
      // client certificate configured in CreateClient is never presented.
      ClientCredentialType = HttpClientCredentialType.None,
      ProxyCredentialType =HttpProxyCredentialType.None
    },
    // NOTE(review): Transport = HTTPS; a self-hosted service gets its TLS certificate
    // from the HTTP.SYS port binding, not from the host credentials -- confirm.
    Mode = BasicHttpSecurityMode.Transport,
  };
  streamBinding.MaxBufferSize = int.MaxValue;
  streamBinding.MessageEncoding = WSMessageEncoding.Mtom;
  // Both timeouts are one day (first TimeSpan argument is days).
  streamBinding.SendTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  streamBinding.ReceiveTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  return streamBinding;
}
/// <summary>
/// Builds an ErrorReportingServiceClient for ReportingServiceUri and assigns the
/// certificate from the .cer file as both service and client certificate.
/// </summary>
protected ErrorReportingServiceClient CreateClient() {
  // Public certificate only: a .cer file contains no private key.
  X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.cer" );

  EndpointAddress endpointAddress = new EndpointAddress( new Uri( ReportingServiceUri ));

  ErrorReportingServiceClient client =  new ErrorReportingServiceClient( CreateStreamingBinding(), endpointAddress );
  client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
  // NOTE(review): validation of the service certificate is disabled here. Whether this
  // setting affects the HTTPS handshake at all under Transport security should be
  // confirmed; pinning the server to the embedded certificate (thumbprint comparison)
  // is what guarantees the data goes only to the intended server.
  client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
  // NOTE(review): without a private key this certificate cannot authenticate the client,
  // and the binding does not request a client certificate (ClientCredentialType.None).
  client.ClientCredentials.ClientCertificate.Certificate = cert;

  return client;
}
    // Host side: the PFX holds the certificate together with its private key.
    // NOTE(review): <password> is a placeholder; do not hard-code the real password.
    X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.pfx", <password>);
    BasicHttpBinding basicHttpBinding = CreateStreamingBinding();
    host.Credentials.ClientCertificate.Certificate = cert;
    // NOTE(review): client-certificate validation is turned off, so this line does not
    // restrict which clients may connect.
    host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // NOTE(review): under HTTPS transport the certificate for the TLS handshake is
    // presumably the one bound to the port in HTTP.SYS, not this property -- confirm.
    host.Credentials.ServiceCertificate.Certificate = cert;

    host.AddServiceEndpoint( contractType, basicHttpBinding, baseAddress );

在服务端,设置如下所示:

/// <summary>
/// Creates the streaming BasicHttpBinding (Transport security, StreamedRequest, MTOM)
/// that the client factory and the service host share.
/// </summary>
public static BasicHttpBinding CreateStreamingBinding() {
  BasicHttpBinding streamBinding = new BasicHttpBinding();
  streamBinding.TransferMode = TransferMode.StreamedRequest;
  // NOTE(review): no size limit on received messages; consider a finite maximum, since
  // the timeouts below also allow a single request to stay open for a day.
  streamBinding.MaxReceivedMessageSize = long.MaxValue;
  streamBinding.Security = new BasicHttpSecurity
  {
    Transport = new HttpTransportSecurity 
    {
      // NOTE(review): None = the service does not ask for a client certificate, so
      // certificate-based client authentication is not in effect with this binding.
      ClientCredentialType = HttpClientCredentialType.None,
      ProxyCredentialType =HttpProxyCredentialType.None
    },
    // NOTE(review): Transport security requires a server certificate registered with
    // HTTP.SYS for the listening port when self-hosting -- confirm for this host.
    Mode = BasicHttpSecurityMode.Transport,
  };
  streamBinding.MaxBufferSize = int.MaxValue;
  streamBinding.MessageEncoding = WSMessageEncoding.Mtom;
  // One-day send and receive timeouts.
  streamBinding.SendTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  streamBinding.ReceiveTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
  return streamBinding;
}
/// <summary>
/// Creates the client proxy for the reporting service at ReportingServiceUri with the
/// shared streaming binding and the certificate read from the .cer file.
/// </summary>
protected ErrorReportingServiceClient CreateClient() {
  // The .cer file holds the public certificate only.
  X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.cer" );

  EndpointAddress endpointAddress = new EndpointAddress( new Uri( ReportingServiceUri ));

  ErrorReportingServiceClient client =  new ErrorReportingServiceClient( CreateStreamingBinding(), endpointAddress );
  client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
  // NOTE(review): service-certificate validation is set to None. Verify that the
  // server's HTTPS certificate is still checked against the embedded certificate
  // somewhere; otherwise the client cannot tell the real server from an impostor.
  client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
  // NOTE(review): a public-only certificate cannot serve as a client credential; client
  // authentication needs the private key, and the binding must request a certificate.
  client.ClientCredentials.ClientCertificate.Certificate = cert;

  return client;
}
    // Service host configuration: certificate with private key loaded from the PFX.
    // NOTE(review): <password> stands in for the PFX password; avoid embedding the real one.
    X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.pfx", <password>);
    BasicHttpBinding basicHttpBinding = CreateStreamingBinding();
    host.Credentials.ClientCertificate.Certificate = cert;
    // NOTE(review): None accepts client certificates without validating them; it does
    // not limit the service to clients that hold the expected certificate.
    host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // NOTE(review): with HTTPS transport on a self-hosted service, HTTP.SYS presumably
    // needs the certificate bound to the port (netsh http add sslcert); setting it here
    // alone would not configure the TLS endpoint -- confirm.
    host.Credentials.ServiceCertificate.Certificate = cert;

    host.AddServiceEndpoint( contractType, basicHttpBinding, baseAddress );
X509Certificate2证书=新的X509Certificate2(@“C:\certs\reporting.pfx”);
BasicHttpBinding BasicHttpBinding=CreateStreamingBinding();
host.Credentials.ClientCertificate.Certificate=cert;
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode=X509CertificateValidationMode.None;
host.Credentials.ServiceCertificate.Certificate=cert;
AddServiceEndpoint(contractType、basicHttpBinding、baseAddress);


如果您有任何关于如何正确设置的帮助,我们将不胜感激。

MSDN论坛上回答了这个问题:

在MSDN论坛上回答了这个问题: