WCF双向ssl不工作
我是WCF的新手。我已经为客户机创建了一个自托管的WCF服务器,它是一个JavaREST客户机。客户端和服务器之间的通信应通过两端的ssl证书进行相互身份验证。因此,在通信过程中,客户端需要发送证书。客户端证书需要在服务器上进行自定义验证。 我认为单向通信正常,但服务器无法验证客户端证书。实际上,自定义验证器代码不是自己执行的WCF双向ssl不工作,wcf,security,authentication,ssl,Wcf,Security,Authentication,Ssl,我是WCF的新手。我已经为客户机创建了一个自托管的WCF服务器,它是一个JavaREST客户机。客户端和服务器之间的通信应通过两端的ssl证书进行相互身份验证。因此,在通信过程中,客户端需要发送证书。客户端证书需要在服务器上进行自定义验证。 我认为单向通信正常,但服务器无法验证客户端证书。实际上,自定义验证器代码不是自己执行的 <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
在服务器跟踪中,我看到两次未找到配置评估上下文,我猜配置文件存在一些问题
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
我的配置文件如下:
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="All, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="xml" />
</listeners>
</source>
</sources>
<sharedListeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\log\Traces.svclog" />
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="mybinding">
<transactionFlow />
<textMessageEncoding />
<httpsTransport requireClientCertificate="true" />
<security authenticationMode="MutualSslNegotiated"/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="behaviour">
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="myproject.MyX509CertificateValidator,myproject"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="myHost" behaviorConfiguration="behaviour">
<endpoint address="" contract="IIWCFServer" binding="customBinding" bindingConfiguration="mybinding" />
<endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding"/>
</service>
</services>
<diagnostics>
<messageLogging logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logMalformedMessages="true"
maxMessagesToLog="5000"
maxSizeOfMessageToLog="2000">
</messageLogging>
</diagnostics>
</system.serviceModel>
</configuration>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
String port = 443;
String certificateSubject = "Mymachine";
String urlString = String.Format("https://{0}:{1}/",System.Net.Dns.GetHostEntry("").HostName, port);
Uri httpUrl = new Uri(urlString);
ServiceHost host = new WebServiceHost(typeof(mynamespace.myclass), httpUrl);
WebHttpBinding wsBinding = new WebHttpBinding();
wsBinding.Security.Mode = WebHttpSecurityMode.Transport;
wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
host.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
certificateSubject);
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator();
host.AddServiceEndpoint(typeof(myinterface), wsBinding, httpUrl);
我已经阅读了100多篇文章,但没有找到解决方案。任何建议都会有帮助
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
XML异常的详细信息如下所示。请让我知道,以防我可以从任何其他地方获得错误详细信息
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
为我工作的代码如下:
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="All, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="xml" />
</listeners>
</source>
</sources>
<sharedListeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\log\Traces.svclog" />
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="mybinding">
<transactionFlow />
<textMessageEncoding />
<httpsTransport requireClientCertificate="true" />
<security authenticationMode="MutualSslNegotiated"/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="behaviour">
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="myproject.MyX509CertificateValidator,myproject"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="myHost" behaviorConfiguration="behaviour">
<endpoint address="" contract="IIWCFServer" binding="customBinding" bindingConfiguration="mybinding" />
<endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding"/>
</service>
</services>
<diagnostics>
<messageLogging logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logMalformedMessages="true"
maxMessagesToLog="5000"
maxSizeOfMessageToLog="2000">
</messageLogging>
</diagnostics>
</system.serviceModel>
</configuration>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
String port = 443;
String certificateSubject = "Mymachine";
String urlString = String.Format("https://{0}:{1}/",System.Net.Dns.GetHostEntry("").HostName, port);
Uri httpUrl = new Uri(urlString);
ServiceHost host = new WebServiceHost(typeof(mynamespace.myclass), httpUrl);
WebHttpBinding wsBinding = new WebHttpBinding();
wsBinding.Security.Mode = WebHttpSecurityMode.Transport;
wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
host.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
certificateSubject);
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator();
host.AddServiceEndpoint(typeof(myinterface), wsBinding, httpUrl);
您能提供例外情况的详细信息吗?参考您是否尝试在配置中提供端点地址,因为mex端点需要主机基址?为什么使用authenticationMode=mutualsl协商而不是authenticationMode=MutualCertificate?感谢您的回复,实际上,我不太清楚authenticationMode=MutualCertificate/mutualCertificatedPlex/mutualsl协商之间的区别。我尝试使用其他选项,但得到了相同的结果。如何调用WCF服务?如何在客户端添加证书?您能指定客户端绑定、配置等吗?您可以使用诸如Fiddler或Soap UI之类的工具来实际查看对您的服务的调用生产环境将有java客户端,但目前为了进行测试,我使用c中的System.Net.HttpWebRequest类向WCF服务器发出请求,我正在将证书作为webRequest.ClientCertificates.AddclientCert添加到客户端。我不知道您对此有多满意,但您可以轻松使用WPF或Winforms客户端-向其添加WCF服务引用-将证书包含在配置中-在客户端中启动跟踪和记录,并检查服务是否实际被调用。您提到的警告通常是由于缺少绑定扩展而出现的。到目前为止,我建议您删除相互证书要求,查看服务是否使用基本配置工作,然后逐步添加这些配置。