WCF with WSHttpBinding, Message security, clientCredentialType="UserName": certificate self-hosting issue

I have created a service that requires the client to pass credentials (username and password). This behavior requires an X509 certificate, so for development I started with a self-signed certificate made with makecert.exe.

Because I am very familiar with certificates, I see that this certificate was created in the IIS Server Certificates section. I need my service to be self-hosted in a Windows service later; for testing purposes I use a console host application and a simple WinForms client application.

So my question is: how do I deploy this certificate? I do not want to use IIS in any way. Can I embed the certificate, which I noticed can be exported as a .pfx file, in the console/Windows service host? And how?

I am posting my service and client configuration files to help show what I need.

Server configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="B2B.WCF.Service.B2BService" behaviorConfiguration="wsBehavior">
        <endpoint name="WSHttpEndpointB2B"
                  bindingConfiguration="WSBinding"
                  address="http://localhost:8768/ServB2B"
                  binding="wsHttpBinding"
                  contract="B2B.WCF.Contracts.IB2BContracts">
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="wsBehavior">
          <serviceMetadata httpsGetEnabled="false"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine" storeName="My" />
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="B2B.WCF.Service.UserValidator, B2B.WCF.Service" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
Client configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <client>
      <endpoint name="WSHttpEndpointB2B"
                bindingConfiguration="WSBinding" behaviorConfiguration="wsBehavior"
                address="http://localhost:8768/ServB2B"
                binding="wsHttpBinding"
                contract="B2B.WCF.Contracts.IB2BContracts">
        <identity>
          <dns value="MyServerCert"/>
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="wsBehavior">
          <clientCredentials>
            <clientCertificate findValue="MyServerCert" x509FindType="FindBySubjectName"
                               storeLocation="LocalMachine" storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
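Thanks in advance.

Your certificate needs to be imported into the Windows certificate store on the machine hosting your web service (i.e. the "server") and, optionally, on the machine consuming your web service (i.e. the "client", if it is a different machine).

You should use the Microsoft Management Console (MMC) to do this. First, you should set it up according to the article. Then import the certificate following the steps in this article. Make sure you select the correct store for the client certificate (i.e. "Personal") and for the root certificate (i.e. "Trusted Root Certification Authorities").

The web service will not start unless it finds the correct certificate referenced in the configuration file. In your case, this is the "MyServerCert" certificate, which you want stored in the "Personal" store.

Yes, but I would not recommend it. Certificate management should be done externally.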
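The store import described in the answer can also be scripted and checked against the lookup the posted service configuration performs. The following is an added example, not code from the original thread; the file paths are assumed placeholders, and it assumes an elevated PowerShell session on Windows with the built-in PKI cmdlets.

```powershell
# Added example; the paths below are assumed placeholders, not values from the original post.
param(
    [string]$PfxPath     = 'C:\certs\MyServerCert.pfx',   # assumed location of the exported .pfx
    [string]$CerPath     = 'C:\certs\MyServerCert.cer',   # assumed output path for the public part
    [string]$SubjectName = 'MyServerCert'                 # findValue used in the posted configs
)

# 1. Server: import certificate plus private key into LocalMachine\My (the "Personal" store).
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Password $pfxPassword | Out-Null

# 2. Repeat the lookup the config asks for: storeName="My", storeLocation="LocalMachine",
#    x509FindType="FindBySubjectName". This find type is a substring match on the subject,
#    so more than one certificate can match.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    # validOnly = $false: a self-signed development certificate does not chain to a trusted root.
    $found = @($store.Certificates.Find('FindBySubjectName', $SubjectName, $false))
} finally {
    $store.Close()
}

if ($found.Count -ne 1) {
    throw "Expected exactly one certificate matching '$SubjectName', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key; the service cannot use it for message security.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}
"OK: $($cert.Subject) thumbprint $($cert.Thumbprint)"

# 3. Export only the public part for the client machine; the .pfx stays on the server.
Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null

# 4. On the client (run there): trust this one certificate explicitly.
# Import-Certificate -FilePath $CerPath -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople'
```

With the public certificate in the client's Trusted People store, the client configuration can use `certificateValidationMode="PeerTrust"` in place of `None`, so the service certificate is actually checked. The Windows service account also needs read access to the certificate's private key, which this script does not set.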