Wcf 未应用或使用ClientCredentials服务证书身份验证的配置
我正在构建一个.NET Core 3.1应用程序,尝试通过HTTPS调用WCF服务,并暂时禁用服务器证书的SSL身份验证 有一个明确记录的方法来实现这一点。也就是说,通过在Wcf 未应用或使用ClientCredentials服务证书身份验证的配置,wcf,.net-core,wcf-security,Wcf,.net Core,Wcf Security,我正在构建一个.NET Core 3.1应用程序,尝试通过HTTPS调用WCF服务,并暂时禁用服务器证书的SSL身份验证 有一个明确记录的方法来实现这一点。也就是说,通过在ChannelFactory类上设置ServiceCertificate.SslCertificateAuthentication属性 下面是设置het绑定、端点和客户端凭据的代码 var endpointAddress = new EndpointAddress("https://*.com"); var binding =
ChannelFactory
类上设置ServiceCertificate.SslCertificateAuthentication
属性
下面是设置het绑定、端点和客户端凭据的代码
var endpointAddress = new EndpointAddress("https://*.com");
var binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.None
};
var factory = new ChannelFactory<IService>(binding, endpointAddress);
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication()
{
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck
};
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
var client = factory.CreateChannel();
client.Call();
正如您在这一点上所期望的,我收到了与以前相同的异常。更糟糕的是,我的CustomCertificate.Validate(..)方法根本没有被调用
WCF似乎提供了一个API,允许进行相当多的控制,但无论我尝试什么,我的策略/配置似乎都没有得到任何尊重
这里可能发生了什么?在DotCore项目中需要SSL身份验证时,下面的代码将起作用
Uri uri = new Uri("https://vabqia969vm:21011");
BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<IService> factory = new ChannelFactory<IService>(binding, new EndpointAddress(uri));
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
{
CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
};
//these two lines will not work.
//factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
//factory.Credentials.ServiceCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
var client = factory.CreateChannel();
var result = client.TestAsync();
Console.WriteLine(result.Result);
Uri=新的Uri(“https://vabqia969vm:21011");
BasicHttpsBinding binding=新的BasicHttpsBinding();
binding.Security.Mode=basichtpssecuritymode.Transport;
binding.Security.Transport.ClientCredentialType=HttpClientCredentialType.None;
ChannelFactory=newchannelfactory(绑定,新端点地址(uri));
factory.Credentials.ServiceCertificateAuthentication=new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
{
CertificateValidationMode=System.ServiceModel.Security.X509CertificateValidationMode.None,
RevocationMode=System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
};
//这两条线不行。
//factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode=System.ServiceModel.Security.X509CertificateValidationMode.None;
//factory.Credentials.ServiceCertificate.Authentication.RevocationMode=System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
var client=factory.CreateChannel();
var result=client.TestAsync();
Console.WriteLine(result.result);
就我而言,它工作得很好。我认为服务器端有问题。如您所知,我们应该确保客户端和服务器端之间的绑定类型是一致的。服务器端的详细信息是什么
Uri uri = new Uri("https://vabqia969vm:21011");
BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<IService> factory = new ChannelFactory<IService>(binding, new EndpointAddress(uri));
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
{
CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
};
//these two lines will not work.
//factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
//factory.Credentials.ServiceCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
var client = factory.CreateChannel();
var result = client.TestAsync();
Console.WriteLine(result.Result);