WCF: how do I create a client on an Azure Web App and authenticate with the uploaded certificate?
Tags: wcf, azure-web-app-service, client-certificates
I have a WCF service running on a server. I created a self-signed certificate, and my service references it like this:
<behaviors>
<serviceBehaviors>
<behavior name="KeypadBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
My ASP.NET web application needs to create a client for the admin endpoint:
<client>
<endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Client"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad"
contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
<endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Admin" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged"
name="WSHttpBinding_IKeypadPrivilleged">
<identity>
<certificate encodedValue="a very long unique string" />
</identity>
</endpoint>
</client>
On a virtual machine I can create a client that uses the admin endpoint.
I am trying to migrate my application to an Azure Web App. I uploaded the same certificate in the portal. The WCF service would not start, and it took me some time before I tried setting the location and store values:
<serviceCredentials>
<serviceCertificate storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName" />
</serviceCredentials>
The service now shows its "welcome page". The problem I have now is that no matter how I try the client configuration (see attempts A, B, C, D), any attempt to create a client throws an RTE:
<client>
<endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Client" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad" contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
<endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Admin" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged" name="WSHttpBinding_IKeypadPrivilleged">
<identity>
<!-- Option A -->
<!--<certificate encodedValue="a very long unique string" />-->
<!-- Option B -->
<!--<certificate encodedValue="a very long unique string" />
<certificateReference
findValue="SELFHOSTTESTCert"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName"/>-->
<!-- Option C -->
<!--<certificateReference findValue="my thumbprint" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>-->
<!-- Option D -->
<!--<certificateReference storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>-->
</identity>
</endpoint>
</client>
How do I create a client to the endpoint on an Azure Web App using the uploaded certificate?
Stack trace:
Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel
   at System.ServiceModel.Channels.ClientReliableChannelBinder`1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
   at System.ServiceModel.Channels.ClientReliableChannelBinder`1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode)
   at System.ServiceModel.Channels.RequestReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
   at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ReliableRequestSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at TTAHttp.IKeypadPrivilleged.ClearTokens(String MeetingID)
   at LaunchTeamTimeClient.Page_Load(Object sender, EventArgs e)
It seems you need to add WEBSITE_LOAD_CERTIFICATES, with the certificate's thumbprint as its value, to the Web App's application settings. If that is the case, try adding trace logging. Here is the relevant excerpt:
"Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. You can have multiple comma-separated thumbprint values or can set this value to "*" (without quotes), in which case all your certificates will be loaded to your web application's personal certificate store."
If you want to install a self-signed CA certificate in an Azure Web App, that is not allowed. For more details, please refer to another thread.
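As an added example (not code from the question or the answer above), here is the client side in C#. It first checks that the thumbprint is listed in WEBSITE_LOAD_CERTIFICATES, since Azure only copies listed certificates into the CurrentUser\My store, then loads the certificate from that store by thumbprint (an exact match, unlike FindBySubjectName, which is a substring match and can return several certificates), and finally builds the admin client with the service identity taken from the loaded certificate and validation pinned to that thumbprint rather than relaxed to None, which is the usual temptation when a self-signed service certificate cannot be installed into a trusted store on the Web App. Assumptions: the contract TTAHttp.IKeypadPrivilleged and the binding configuration name WSHttpBinding_IKeypadPrivilleged come from the question; the thumbprint and endpoint URL passed in are placeholders; the ThumbprintPinningValidator class and the AzureWcfAdminClient helper are my own names.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using TTAHttp; // IKeypadPrivilleged, the contract from the question's service reference (assumed to exist)

// Added example: accept only the one service certificate whose thumbprint we expect.
// Anything else (a different self-signed cert, an attacker's cert) fails validation.
sealed class ThumbprintPinningValidator : X509CertificateValidator
{
    private readonly string expected;
    public ThumbprintPinningValidator(string thumbprint) { expected = thumbprint; }

    public override void Validate(X509Certificate2 certificate)
    {
        if (!string.Equals(certificate.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Service certificate thumbprint " + certificate.Thumbprint + " is not the pinned thumbprint.");
    }
}

static class AzureWcfAdminClient
{
    // If the thumbprint is not listed (or the setting is "*"), Azure never copies the uploaded
    // certificate into CurrentUser\My, so the store lookup below is guaranteed to miss.
    public static bool IsListedInWebsiteLoadCertificates(string thumbprint)
    {
        string setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES") ?? "";
        return setting.Trim() == "*" ||
               setting.Split(',').Any(t => string.Equals(t.Trim(), thumbprint, StringComparison.OrdinalIgnoreCase));
    }

    // Load the uploaded certificate from the store the Web App populates, by exact thumbprint.
    public static X509Certificate2 LoadFromCurrentUserMy(string thumbprint)
    {
        if (!IsListedInWebsiteLoadCertificates(thumbprint))
            throw new InvalidOperationException("WEBSITE_LOAD_CERTIFICATES does not include " + thumbprint);

        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false, because a self-signed cert does not chain to a trusted root here.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (found.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one certificate with thumbprint " + thumbprint + ", found " + found.Count);
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }

    // Build the admin channel: identity from the loaded certificate instead of a pasted encodedValue,
    // and a pinning validator instead of X509CertificateValidationMode.None.
    public static IKeypadPrivilleged CreateAdminClient(string address, string thumbprint)
    {
        X509Certificate2 serviceCert = LoadFromCurrentUserMy(thumbprint);

        var endpoint = new EndpointAddress(new Uri(address),
                                          EndpointIdentity.CreateX509CertificateIdentity(serviceCert));
        var factory = new ChannelFactory<IKeypadPrivilleged>("WSHttpBinding_IKeypadPrivilleged", endpoint);

        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.Custom;
        factory.Credentials.ServiceCertificate.Authentication.CustomCertificateValidator =
            new ThumbprintPinningValidator(thumbprint);

        return factory.CreateChannel();
    }
}
```

Usage: `AzureWcfAdminClient.CreateAdminClient("http://selfhost.example.com/TeamTime/Keypad.svc/Admin", "<thumbprint of the uploaded cert>")`, called from the page that previously used the configured endpoint. Pinning means that rotating the service certificate requires updating the thumbprint in the app setting and in the client at the same time; that is the intended trade-off, since the alternative of turning validation off accepts any certificate the far end presents.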