WCF SSL证书身份验证无法识别配置设置_Wcf_Authentication_Iis_Ssl

WCF SSL证书身份验证无法识别配置设置

wcf authentication iis ssl

WCF SSL证书身份验证无法识别配置设置,wcf,authentication,iis,ssl,Wcf,Authentication,Iis,Ssl,我试图在WCF/.NET版本4.0 IIS版本7.5中使用SSL证书身份验证，但是，当我启用oneToOneMappings身份验证时，系统无法识别maxReceivedMessageSize，当我注释oneToOneMappings身份验证部分时，IIS识别maxReceivedMessageSize变量关于如何使此WCF服务使用启用SSL证书身份验证时我设置的maxReceivedMessageSize值，有什么想法吗服务模式部分： <system.serviceModel>

我试图在WCF/.NET版本4.0 IIS版本7.5中使用SSL证书身份验证，但是，当我启用oneToOneMappings身份验证时，系统无法识别maxReceivedMessageSize，当我注释oneToOneMappings身份验证部分时，IIS识别maxReceivedMessageSize变量

关于如何使此WCF服务使用启用SSL证书身份验证时我设置的maxReceivedMessageSize值，有什么想法吗

服务模式部分：

<system.serviceModel>
    <services>
      <service behaviorConfiguration="AServiceBehavior" name="<IContract>">
        <endpoint address=""  binding="basicHttpBinding" bindingConfiguration="MutualSslBinding" contract="<IContract>"  name="AnEndpoint" />
        <host><baseAddresses><add baseAddress="https://asite.com/service" /></baseAddresses></host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="AServiceBehavior">
          <serviceCredentials>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
          <serviceSecurityAudit auditLogLocation="Security" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  <bindings>
      <basicHttpBinding>
        <binding name="MutualSslBinding" axReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
                    maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <security mode="Transport"> <transport clientCredentialType="Certificate" /></security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
    </serviceHostingEnvironment>  
  </system.serviceModel>

<system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <anonymousAuthentication enabled="true" />
        <basicAuthentication enabled="false" />
        <clientCertificateMappingAuthentication enabled="false" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true" manyToOneCertificateMappingsEnabled="true">
          <oneToOneMappings>
                        <clear />
                        <add userName="<LocalUser>" password="<EncryptedPassword>" certificate="<Authentication certificate text>" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
    <modules runAllManagedModulesForAllRequests="true" />
    <directoryBrowse enabled="false" />
  </system.webServer>

证书安全部分：

<system.serviceModel>
    <services>
      <service behaviorConfiguration="AServiceBehavior" name="<IContract>">
        <endpoint address=""  binding="basicHttpBinding" bindingConfiguration="MutualSslBinding" contract="<IContract>"  name="AnEndpoint" />
        <host><baseAddresses><add baseAddress="https://asite.com/service" /></baseAddresses></host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="AServiceBehavior">
          <serviceCredentials>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
          <serviceSecurityAudit auditLogLocation="Security" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  <bindings>
      <basicHttpBinding>
        <binding name="MutualSslBinding" axReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
                    maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <security mode="Transport"> <transport clientCredentialType="Certificate" /></security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
    </serviceHostingEnvironment>  
  </system.serviceModel>

<system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <anonymousAuthentication enabled="true" />
        <basicAuthentication enabled="false" />
        <clientCertificateMappingAuthentication enabled="false" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true" manyToOneCertificateMappingsEnabled="true">
          <oneToOneMappings>
                        <clear />
                        <add userName="<LocalUser>" password="<EncryptedPassword>" certificate="<Authentication certificate text>" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
    <modules runAllManagedModulesForAllRequests="true" />
    <directoryBrowse enabled="false" />
  </system.webServer>

在这种特定情况下，问题与WCF配置无关，而是与IIS中的uploadReadAheadSize设置有关

TLS开销

使用SSL证书身份验证时，请求的开销会在身份验证过程中将大小增加到49Kb以上

返回错误413实体太大

使用uploadReadAheadSize控制允许的IIS请求大小。

首先验证IIS请求筛选

为此，请打开IIS管理器。选择您的应用程序。在Features视图中，您将看到“请求筛选”。打开此功能，您将在右侧面板上找到“编辑功能设置” 允许的最大内容长度是可选的U-Int属性。它指定请求中内容的最大长度（以字节为单位）。默认值为30000000，约为28.6MB。接下来，我们可以在IIS中设置uploadReadAheadSize

要导航到此设置，请使用以下步骤：

启动“Internet信息服务（IIS）管理器”

展开服务器字段
扩展站点
选择应用程序所在的站点
在功能部分，双击“配置编辑器”
在“部分”下选择：system.webServer>serverRuntime

默认设置值为49Kb