WCF customBinding with client certificate
I am trying to create a customBinding to call a web service using SOAP 1.2, TLS and a client certificate. As far as I know, this only works with customBinding.
I defined the following behaviour:
<behaviors>
  <endpointBehaviors>
    <behavior name="TehRightBehaviour">
      <clientCredentials>
        <serviceCertificate>
          <defaultCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
          <authentication revocationMode="NoCheck" certificateValidationMode="None" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
The client does find the certificate; if I specify a wrong name, it raises an error. My binding looks like:
<customBinding>
  <binding name="TehRealBinding">
    <transactionFlow />
    <textMessageEncoding messageVersion="Soap12" />
    <security authenticationMode="MutualCertificate" />
    <httpsTransport requireClientCertificate="true" />
  </binding>
</customBinding>
I combine both in the endpoint like:
<client>
  <endpoint address="https://hestia1:8081/cm/main"
            behaviorConfiguration="TehRightBehaviour"
            binding="customBinding"
            bindingConfiguration="TehRealBinding"
            contract="BrightMain.CMMainService"
            name="cmmain" />
</client>
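The problem is that, if I call the web service, it raises an exception saying
“The client certificate is not provided. Specify a client certificate in ClientCredentials.”
I found that there are several places where a certificate can be specified, and obviously I am using the wrong one. So my question is: which one is the right one?
Thanks in advance,
Christoph
Edit: Perhaps I should learn to read, since specifying
is obviously not sufficient. I am checking that now…
It should be like this: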
<behavior name="TehRightBehaviour">
  <clientCredentials>
    <!-- clientCertificate not defaultCertificate -->
    <clientCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
    <serviceCertificate>
      <authentication revocationMode="NoCheck" certificateValidationMode="None" />
    </serviceCertificate>
  </clientCredentials>
</behavior>
I installed the certificate under "Personal" and used the following code, and it worked for me:
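using System.Security.Cryptography.X509Certificates;

// Open the current user's "Personal" (My) store read-only.
X509Store keystore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
keystore.Open(OpenFlags.ReadOnly);
var certificates = keystore.Certificates;
// Enumerate the store to inspect what is installed (useful in the debugger).
foreach (var certificate in certificates)
{
    var friendlyName = certificate.FriendlyName;
    var xname = certificate.Subject; // GetName() is obsolete; Subject replaces it
}
// Look the certificate up by subject name; validOnly is false.
X509Certificate2Collection certs = keystore.Certificates.Find(
    X509FindType.FindBySubjectName, "Name of subject", false);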
Then you pass it in the client request:
xyzClient.ClientCredentials.ClientCertificate.Certificate = certs[0];
In the meantime, I have found this out myself. Also: at least in my case, the characters in the tag were also required.
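The answer above assigns `certs[0]`, the first hit of a `FindBySubjectName` search, and that search is a case-insensitive substring match that can return several certificates. The following is an added example (not code from the posts above) that narrows the lookup to exactly one usable client certificate; `ClientCertificateSelector` and `FindSingle` are hypothetical names, while `xyzClient` and `"WebInterface"` are taken from the posts.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, added for illustration; not part of the original posts.
public static class ClientCertificateSelector
{
    // Returns the single certificate in CurrentUser\My whose subject CN equals
    // commonName, that has a private key and is inside its validity period.
    public static X509Certificate2 FindSingle(string commonName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time

            var candidates = store.Certificates
                // Substring match: "WebInterface" also hits "WebInterface-Test".
                .Find(X509FindType.FindBySubjectName, commonName, false)
                .Cast<X509Certificate2>()
                // Narrow the substring hits down to an exact CN match.
                .Where(c => string.Equals(
                    c.GetNameInfo(X509NameType.SimpleName, false),
                    commonName, StringComparison.OrdinalIgnoreCase))
                // Client authentication needs the private key, not just the cert.
                .Where(c => c.HasPrivateKey)
                .Where(c => c.NotBefore <= now && now <= c.NotAfter)
                .ToList();

            if (candidates.Count != 1)
            {
                // Fail closed instead of silently presenting an arbitrary cert.
                throw new InvalidOperationException(string.Format(
                    "Expected exactly one usable certificate for CN '{0}', found {1}.",
                    commonName, candidates.Count));
            }
            return candidates[0];
        }
        finally
        {
            store.Close();
        }
    }
}

// Usage with the client proxy from the answer above:
// xyzClient.ClientCredentials.ClientCertificate.Certificate =
//     ClientCertificateSelector.FindSingle("WebInterface");
```

The `<authentication>` element in the configurations above governs how the client validates the service's certificate; `certificateValidationMode="None"` with `revocationMode="NoCheck"` turns that check off, so the client accepts any service certificate at that layer.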