Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/wcf/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
基于证书的带RESTful WCF服务的相互SSL_Wcf_Ssl_Https - Fatal编程技术网
Fatal编程技术网
  • wcf/
  • 基于证书的带RESTful WCF服务的相互SSL

基于证书的带RESTful WCF服务的相互SSL

wcf ssl https

基于证书的带RESTful WCF服务的相互SSL,wcf,ssl,https,Wcf,Ssl,Https,我有一个基于证书的双向SSL WCF RESTful服务,它托管在windows应用程序中。服务器使用自签名证书绑定到的端口。证书存在于“我的”存储区的“LocalMachine”中。在同一个“我的”存储中还有客户端证书。客户端和服务器证书的名称都与计算机名称相同。客户端和服务器配置如下所示: 客户端: <system.serviceModel> <behaviors> <endpointBehaviors> <behavior name="

我有一个基于证书的双向SSL WCF RESTful服务,它托管在windows应用程序中。服务器使用自签名证书绑定到的端口。证书存在于“我的”存储区的“LocalMachine”中。在同一个“我的”存储中还有客户端证书。客户端和服务器证书的名称都与计算机名称相同。客户端和服务器配置如下所示:

客户端:

<system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="ClientBehavior">
      <webHttp />
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" x509FindType="FindByThumbprint" storeName="My" findValue="F50C62754783EC741F6E84E25888D17CBC145691" />
        <serviceCertificate>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <webHttpBinding>
    <binding name="WebHttpBinding_Conf">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<client>
  <endpoint address="https://mymachine:8088/Service" behaviorConfiguration="ClientBehavior"
      binding="webHttpBinding" bindingConfiguration="WebHttpBinding_Conf"
      contract="RESTfulLib.IService" name="WebHttpBinding_NAme" />
</client>

  <system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceCredentials>
        <serviceCertificate storeLocation="LocalMachine" x509FindType="FindByThumbprint" findValue="7975794831242F2D39ED3B1BC8323EAF5DA2CA11" storeName="My"/>
      </serviceCredentials>
      <serviceDebug includeExceptionDetailInFaults="True"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <webHttpBinding>
    <binding name="WebHttpBinding_Conf">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service name="RESTfulLib.Service" behaviorConfiguration="ServiceBehavior">
    <host>
      <baseAddresses>
        <add baseAddress="https://mymachine:8088/Service"/>
      </baseAddresses>
    </host>
    <endpoint address="" behaviorConfiguration="web" binding="webHttpBinding" bindingConfiguration="WebHttpBinding_Conf" contract="RESTfulLib.IService">
    </endpoint>
  </service>
</services>
启用详细的WCF日志表明,我们在握手时出现了以下错误:

System.Net Error: 0 : [11504] Decrypt returned SEC_I_RENEGOTIATE.
我尝试过设置,但这也没有帮助:

            ServicePointManager.Expect100Continue = true;
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
证书也被复制到受信任的根CAs存储,并且有一个ServicePointManager.ServerCertificateValidationCallback,它在所有情况下都返回true(!)

如有任何答复,将不胜感激。
谢谢

由于您的证书是自签名的,因此您必须为您的客户机添加一些额外的代码

在实例化WCF客户端之前,应添加:

ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;
TrustAllCertificatesCallback是一种执行服务证书验证的回调方法。以下是一个示例:

internal static bool TrustAllCertificatesCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
   X509Certificate2 certificate = new X509Certificate2(cert);
   return certificate.Verify();
}
您还必须在受信任的根证书颁发机构证书存储中安装证书,并最终添加到客户端端点配置中:

<client>
  <endpoint address="https://mymachine:8088/Service" behaviorConfiguration="ClientBehavior"
      binding="webHttpBinding" bindingConfiguration="WebHttpBinding_Conf"
      contract="RESTfulLib.IService" name="WebHttpBinding_NAme">
    <identity>
      <dns value="<<<your certificate name>>>" />
    </identity>
  </endpoint>
</client>
您必须确保您的证书已正确安装并配置为可访问:

  • 您首先必须在本地计算机Peronnal存储中导入证书的私钥,而不是在当前用户Personnal存储中。如果服务帐户必须使用证书,这一点很重要

  • 如果使用自签名证书,请确保公共证书安装在本地计算机受信任的根权限存储中

  • 允许用户访问您的证书:右键单击专用证书(本地计算机/个人),选择“所有任务”,然后管理私钥

    • Rom,我已经有一个ServicePointManager.ServerCertificateValidationCallback,它在所有情况下都返回true(!)。将证书(两者)复制到受信任的根CA。其次,我需要将xml放在哪里?您是否激活了WCF跟踪?是的,这是相同的错误:System.Net错误:0:[10796]解密返回的SEC_I_重新协商。System.Net信息:0:[12032]SecureChannel#30384602-我们有用户提供的证书。服务器已指定133个颁发者。正在查找与任何发行人匹配的证书。系统.Net信息:0:[12032]SecureChannel#30384602-剩下0个客户端证书可供选择。您在客户端计算机上的何处安装了证书?客户端和服务器都在同一台计算机上。证书在这台普通机器上。 
    <client>
  <endpoint address="https://mymachine:8088/Service" behaviorConfiguration="ClientBehavior"
      binding="webHttpBinding" bindingConfiguration="WebHttpBinding_Conf"
      contract="RESTfulLib.IService" name="WebHttpBinding_NAme">
    <identity>
      <dns value="<<<your certificate name>>>" />
    </identity>
  </endpoint>
</client>