WCF双向ssl不工作_Wcf_Security_Authentication_Ssl

WCF双向ssl不工作

wcf security authentication ssl

WCF双向ssl不工作,wcf,security,authentication,ssl,Wcf,Security,Authentication,Ssl,我是WCF的新手。我已经为客户机创建了一个自托管的WCF服务器，它是一个JavaREST客户机。客户端和服务器之间的通信应通过两端的ssl证书进行相互身份验证。因此，在通信过程中，客户端需要发送证书。客户端证书需要在服务器上进行自定义验证。我认为单向通信正常，但服务器无法验证客户端证书。实际上，自定义验证器代码不是自己执行的 <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <

我是WCF的新手。我已经为客户机创建了一个自托管的WCF服务器，它是一个JavaREST客户机。客户端和服务器之间的通信应通过两端的ssl证书进行相互身份验证。因此，在通信过程中，客户端需要发送证书。客户端证书需要在服务器上进行自定义验证。我认为单向通信正常，但服务器无法验证客户端证书。实际上，自定义验证器代码不是自己执行的

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

在服务器跟踪中，我看到两次未找到配置评估上下文，我猜配置文件存在一些问题

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

我的配置文件如下：

<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel"
              switchValue="All, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\log\Traces.svclog" />
    </sharedListeners>
    <trace autoflush="true"/>
  </system.diagnostics>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="mybinding">
          <transactionFlow />
          <textMessageEncoding />
          <httpsTransport requireClientCertificate="true" />
          <security authenticationMode="MutualSslNegotiated"/>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="behaviour">
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="Custom" customCertificateValidatorType="myproject.MyX509CertificateValidator,myproject"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="myHost" behaviorConfiguration="behaviour">
        <endpoint address="" contract="IIWCFServer" binding="customBinding" bindingConfiguration="mybinding" />
        <endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding"/>
      </service>
    </services>
    <diagnostics>
      <messageLogging logEntireMessage="true"
                      logMessagesAtServiceLevel="true"
                      logMessagesAtTransportLevel="true"
                      logMalformedMessages="true"
                      maxMessagesToLog="5000"
                      maxSizeOfMessageToLog="2000">
      </messageLogging>
    </diagnostics>
  </system.serviceModel>
</configuration>

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

String port = 443;
String certificateSubject = "Mymachine";
String urlString = String.Format("https://{0}:{1}/",System.Net.Dns.GetHostEntry("").HostName, port);
Uri httpUrl = new Uri(urlString);
ServiceHost host = new WebServiceHost(typeof(mynamespace.myclass), httpUrl);

WebHttpBinding wsBinding = new WebHttpBinding();
wsBinding.Security.Mode = WebHttpSecurityMode.Transport;
wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

host.Credentials.ServiceCertificate.SetCertificate(
                                                    StoreLocation.LocalMachine,
                                                    StoreName.My,
                                                    X509FindType.FindBySubjectName,
                                                    certificateSubject);


host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator();

host.AddServiceEndpoint(typeof(myinterface), wsBinding, httpUrl);

我已经阅读了100多篇文章，但没有找到解决方案。任何建议都会有帮助

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

XML异常的详细信息如下所示。请让我知道，以防我可以从任何其他地方获得错误详细信息

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

为我工作的代码如下：

<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel"
              switchValue="All, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\log\Traces.svclog" />
    </sharedListeners>
    <trace autoflush="true"/>
  </system.diagnostics>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="mybinding">
          <transactionFlow />
          <textMessageEncoding />
          <httpsTransport requireClientCertificate="true" />
          <security authenticationMode="MutualSslNegotiated"/>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="behaviour">
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="Custom" customCertificateValidatorType="myproject.MyX509CertificateValidator,myproject"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="myHost" behaviorConfiguration="behaviour">
        <endpoint address="" contract="IIWCFServer" binding="customBinding" bindingConfiguration="mybinding" />
        <endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding"/>
      </service>
    </services>
    <diagnostics>
      <messageLogging logEntireMessage="true"
                      logMessagesAtServiceLevel="true"
                      logMessagesAtTransportLevel="true"
                      logMalformedMessages="true"
                      maxMessagesToLog="5000"
                      maxSizeOfMessageToLog="2000">
      </messageLogging>
    </diagnostics>
  </system.serviceModel>
</configuration>

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

String port = 443;
String certificateSubject = "Mymachine";
String urlString = String.Format("https://{0}:{1}/",System.Net.Dns.GetHostEntry("").HostName, port);
Uri httpUrl = new Uri(urlString);
ServiceHost host = new WebServiceHost(typeof(mynamespace.myclass), httpUrl);

WebHttpBinding wsBinding = new WebHttpBinding();
wsBinding.Security.Mode = WebHttpSecurityMode.Transport;
wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

host.Credentials.ServiceCertificate.SetCertificate(
                                                    StoreLocation.LocalMachine,
                                                    StoreName.My,
                                                    X509FindType.FindBySubjectName,
                                                    certificateSubject);


host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator();

host.AddServiceEndpoint(typeof(myinterface), wsBinding, httpUrl);

您能提供例外情况的详细信息吗？参考您是否尝试在配置中提供端点地址，因为mex端点需要主机基址？为什么使用authenticationMode=mutualsl协商而不是authenticationMode=MutualCertificate？感谢您的回复，实际上，我不太清楚authenticationMode=MutualCertificate/mutualCertificatedPlex/mutualsl协商之间的区别。我尝试使用其他选项，但得到了相同的结果。如何调用WCF服务？如何在客户端添加证书？您能指定客户端绑定、配置等吗？您可以使用诸如Fiddler或Soap UI之类的工具来实际查看对您的服务的调用生产环境将有java客户端，但目前为了进行测试，我使用c中的System.Net.HttpWebRequest类向WCF服务器发出请求，我正在将证书作为webRequest.ClientCertificates.AddclientCert添加到客户端。我不知道您对此有多满意，但您可以轻松使用WPF或Winforms客户端-向其添加WCF服务引用-将证书包含在配置中-在客户端中启动跟踪和记录，并检查服务是否实际被调用。您提到的警告通常是由于缺少绑定扩展而出现的。到目前为止，我建议您删除相互证书要求，查看服务是否使用基本配置工作，然后逐步添加这些配置。