使用X509证书保护WCF服务
我正在处理的场景涉及一个ASP.NET web应用程序与一个具有NetCPBinding的自托管WCF服务进行通信。这两个组件位于不同的计算机上。web服务器是DMZ中的独立计算机,与应用程序服务器没有信任关系 我希望通信在传输级别得到保护。据我所知,如果客户端和应用服务器都安装了合适的X509证书,它们可以相互验证,并且数据交换也可以加密 我为web服务器配置了ClientAuthentication证书,并为应用服务器配置了ServerAuthentication证书。在每种情况下,证书都存储在LocalMachine\My存储中。我已确保私钥可用于所有证书,并且应用程序池标识和内置\本地标识(分别在web和应用程序服务器上)可完全访问私钥。我还将证书的公钥部分(即..cer文件)复制到另一台服务器上的LocalMachine\TrustedPeople存储区 配置如下所示: 应用服务器使用X509证书保护WCF服务,wcf,authentication,encryption,x509certificate,transport-security,Wcf,Authentication,Encryption,X509certificate,Transport Security,我正在处理的场景涉及一个ASP.NET web应用程序与一个具有NetCPBinding的自托管WCF服务进行通信。这两个组件位于不同的计算机上。web服务器是DMZ中的独立计算机,与应用程序服务器没有信任关系 我希望通信在传输级别得到保护。据我所知,如果客户端和应用服务器都安装了合适的X509证书,它们可以相互验证,并且数据交换也可以加密 我为web服务器配置了ClientAuthentication证书,并为应用服务器配置了ServerAuthentication证书。在每种情况下,证书都存
<services>
<service behaviorConfiguration="DefaultServiceBehavior" name="Evs.Application.Services.XXXXXProvider">
<endpoint address="net.tcp://localhost:8000/Evs.Application.Services/XXXXXServiceCert"
binding="netTcpBinding" bindingConfiguration="SecureCertificateNetTcpBinding" contract="Evs.Application.Contracts.IXXXXXProvider"
behaviorConfiguration="endpointBehavior"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="xxxxxxxxxxxxxx"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<binding name="SecureNetTcpBinding">
<security mode="Transport" />
</binding>
<binding name="SecureCertificateNetTcpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://app-ext-01.prod.mydomain.com:8000/Evs.Application.Services/XXXXXServiceCert"
behaviorConfiguration="secureEndPointBehaviour" binding="netTcpBinding"
bindingConfiguration="SecureCertificateNetTcpBinding" contract="Evs.Application.Contracts.IXXXXXProvider"
name="XXXXXProvider"/>
<client>
<behaviors>
<endpointBehaviors>
<behavior name="secureEndPointBehaviour">
<clientCredentials>
<clientCertificate findValue= "xxxxxxxxxxxxxxxxxxx"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindByThumbprint"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="SecureCertificateNetTcpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
有人能建议我需要对该配置执行哪些操作才能使其正常工作吗?我认为您缺少: 服务器端
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
客户端
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
我相信您缺少服务器上的serviceCresidences\clientCertificate\authentication
节点和客户端上的clientCredentials\serviceCertificate\authentication
节点(两者都应该是certificateValidationMode=“PeerTrust”
IIRC)。是的,您找到了!把它挂起来,我会把它标记为答案。太好了。正是这样。