WCF SSL证书身份验证无法识别配置设置
我试图在WCF/.NET版本4.0 IIS版本7.5中使用SSL证书身份验证,但是,当我启用oneToOneMappings身份验证时,系统无法识别maxReceivedMessageSize,当我注释oneToOneMappings身份验证部分时,IIS识别maxReceivedMessageSize变量 关于如何使此WCF服务使用启用SSL证书身份验证时我设置的maxReceivedMessageSize值,有什么想法吗 服务模式部分:WCF SSL证书身份验证无法识别配置设置,wcf,authentication,iis,ssl,Wcf,Authentication,Iis,Ssl,我试图在WCF/.NET版本4.0 IIS版本7.5中使用SSL证书身份验证,但是,当我启用oneToOneMappings身份验证时,系统无法识别maxReceivedMessageSize,当我注释oneToOneMappings身份验证部分时,IIS识别maxReceivedMessageSize变量 关于如何使此WCF服务使用启用SSL证书身份验证时我设置的maxReceivedMessageSize值,有什么想法吗 服务模式部分: <system.serviceModel>
<system.serviceModel>
<services>
<service behaviorConfiguration="AServiceBehavior" name="<IContract>">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MutualSslBinding" contract="<IContract>" name="AnEndpoint" />
<host><baseAddresses><add baseAddress="https://asite.com/service" /></baseAddresses></host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AServiceBehavior">
<serviceCredentials>
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
<serviceSecurityAudit auditLogLocation="Security" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="MutualSslBinding" axReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport"> <transport clientCredentialType="Certificate" /></security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
<authentication>
<anonymousAuthentication enabled="true" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<windowsAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true" manyToOneCertificateMappingsEnabled="true">
<oneToOneMappings>
<clear />
<add userName="<LocalUser>" password="<EncryptedPassword>" certificate="<Authentication certificate text>" />
</oneToOneMappings>
</iisClientCertificateMappingAuthentication>
</authentication>
</security>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="false" />
</system.webServer>
证书安全部分:
<system.serviceModel>
<services>
<service behaviorConfiguration="AServiceBehavior" name="<IContract>">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MutualSslBinding" contract="<IContract>" name="AnEndpoint" />
<host><baseAddresses><add baseAddress="https://asite.com/service" /></baseAddresses></host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AServiceBehavior">
<serviceCredentials>
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
<serviceSecurityAudit auditLogLocation="Security" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="MutualSslBinding" axReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport"> <transport clientCredentialType="Certificate" /></security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
<authentication>
<anonymousAuthentication enabled="true" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<windowsAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true" manyToOneCertificateMappingsEnabled="true">
<oneToOneMappings>
<clear />
<add userName="<LocalUser>" password="<EncryptedPassword>" certificate="<Authentication certificate text>" />
</oneToOneMappings>
</iisClientCertificateMappingAuthentication>
</authentication>
</security>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="false" />
</system.webServer>
在这种特定情况下,问题与WCF配置无关,而是与IIS中的uploadReadAheadSize设置有关 TLS开销 使用SSL证书身份验证时,请求的开销会在身份验证过程中将大小增加到49Kb以上 返回错误413实体太大 使用uploadReadAheadSize控制允许的IIS请求大小。 首先验证IIS请求筛选 为此,请打开IIS管理器。选择您的应用程序。在Features视图中,您将看到“请求筛选”。打开此功能,您将在右侧面板上找到“编辑功能设置” 允许的最大内容长度是可选的U-Int属性。它指定请求中内容的最大长度(以字节为单位)。默认值为30000000,约为28.6MB。 接下来,我们可以在IIS中设置uploadReadAheadSize 要导航到此设置,请使用以下步骤: 启动“Internet信息服务(IIS)管理器”
- 展开服务器字段
- 扩展站点
- 选择应用程序所在的站点
- 在功能部分,双击“配置编辑器”
- 在“部分”下选择:system.webServer>serverRuntime