WCF service with SSL
I know that SSL certificates are used for the security of an application, so that data is transferred in encrypted form. As far as I know, we have to install the SSL certificate on the server that hosts the application. These days I am working on a WCF service. The client wants us to provide the WCF service with an SSL certificate. What I want to know is whether anything has to be done at the code level for the SSL certificate. I will host my service in IIS. What are the steps to configure a WCF service with an SSL certificate? I know that knowing too little is always dangerous, so please explain in detail. Thanks in advance.

To configure the service for two-way SSL, follow these steps:
Create a website that has an https binding mapped to it. When the https binding is mapped to the website, it requires the service
// Client-side callback that returns true for every server certificate, i.e. it disables
// server certificate validation entirely (including name, expiry and chain checks).
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
Some code showing how to implement and use a custom certificate validator:
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class CustomX509CertificateValidator : X509CertificateValidator
{
    // This Validation function accepts any X.509 Certificate that is self-issued. As anyone can construct such
    // a certificate this custom validator is less secure than the default behavior provided by the
    // ChainTrust X509CertificateValidationMode. The security implications of this should be carefully
    // considered before using this validation logic in production code.
    public override void Validate(X509Certificate2 certificate)
    {
        // Check that we have been passed a certificate
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // Only accept self-issued certificates (subject and issuer are the same distinguished name)
        if (certificate.Subject != certificate.Issuer)
            throw new SecurityTokenException("Certificate is not self-issued");
    }
}
Now, in your WCF service configuration file, use the custom certificate validator as follows:
<behaviors>
  <serviceBehaviors>
    <behavior name="CalculatorServiceBehavior">
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <!--
        The serviceCredentials behavior allows one to specify authentication constraints on client certificates.
        -->
        <clientCertificate>
          <!--
          Setting the certificateValidationMode to Custom means that if the custom X509CertificateValidator
          does NOT throw an exception, then the provided certificate will be trusted without performing any
          validation beyond that performed by the custom validator. The security implications of this
          setting should be carefully considered before using Custom in production code.
          -->
          <authentication certificateValidationMode="Custom" customCertificateValidatorType="X509CertificateValidator.CustomX509CertificateValidator, service"/>
        </clientCertificate>
        <!--
        The serviceCredentials behavior allows one to define a service certificate.
        A service certificate is used by a client to authenticate the service and provide message protection.
        This configuration references the "localhost" certificate installed during the setup instructions.
        -->
        <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
Do you want to secure the channel only, or also perform client authentication using SSL?
I want to secure the channel with client authentication via SSL.
If you want client authentication via SSL, is it for a single client, or may different clients access this service?
My clients could number up to 10000...
In that case, if you want to distinguish each client by its certificate, you may need a custom certificate validator. Implementing a custom certificate validator is simple.
Thanks REVERT RAJEST. I think this is the kind of functionality I am looking for in my service. Thanks.
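The validator in the answer accepts any self-issued certificate, which (as its own comment notes) anyone can mint. As an added example that is not part of the original answer, the following hypothetical validator shows the hardened shape that fits the "many distinct clients" case from the comments: the client certificate must chain to a trusted root, be within its validity period, and match an explicit allow-list of thumbprints. The class name and the thumbprint values are constructed placeholders; it is wired up through the same customCertificateValidatorType attribute shown in the configuration above.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Hypothetical hardened validator (example code, not from the original answer).
public class AllowListedClientCertificateValidator : X509CertificateValidator
{
    // Constructed placeholder thumbprints; in a real deployment these come from
    // the certificates actually issued to each known client.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000001", // client A (placeholder)
            "0000000000000000000000000000000000000002", // client B (placeholder)
        };

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // Reject certificates outside their validity window explicitly.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenException("Certificate is outside its validity period");

        // Require a chain to a trusted root. Online revocation checking adds latency per
        // handshake; with very many clients, consider Offline (cached CRL) instead.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        if (!chain.Build(certificate))
        {
            List<string> reasons = new List<string>();
            foreach (X509ChainStatus status in chain.ChainStatus)
                reasons.Add(status.StatusInformation.Trim());
            throw new SecurityTokenException(
                "Certificate chain validation failed: " + string.Join("; ", reasons));
        }

        // Chain trust alone admits every certificate the CA ever issued; the allow-list
        // pins the service to the specific client certificates it expects.
        if (!AllowedThumbprints.Contains(certificate.Thumbprint))
            throw new SecurityTokenException("Client certificate is not in the allow-list");
    }
}
```

With this in place, the service can still tell clients apart by reading the authenticated certificate from the operation context, while a certificate that merely looks valid but was never enrolled is rejected before any operation runs.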