<分区>
我需要通过 SSL 使用 WCF 服务,而请求需要使用一个证书进行签名,响应需要使用另一个证书进行验证。
我在执行代码时遇到这个错误:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
根据 WCF 跟踪,它在尝试验证响应签名时失败,因为我可以看到来自服务器的响应。
这是我的 WCF 服务设置:
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="true"
logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
<endToEndTracing propagateActivity="true" activityTracing="true"
messageFlowTracing="true" />
</diagnostics>
<behaviors>
<endpointBehaviors>
<behavior name="CHClientCertificateBehavior">
<clientCredentials supportInteractive="true">
<clientCertificate findValue="clientcert" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="servercert" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="DPBasicHttpBindingWithSSL" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:02:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2097152" maxBufferSize="524288" maxReceivedMessageSize="524288"
textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"
messageEncoding="Text">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="DPCustomHttpBindingWithSSL">
<security authenticationMode="CertificateOverTransport" allowSerializedSigningTokenOnReply="true" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false"
securityHeaderLayout="Lax" />
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport maxBufferPoolSize="2097152" maxBufferSize="524288" maxReceivedMessageSize="524288" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://myserver/service.asmx"
behaviorConfiguration="CHClientCertificateBehavior" binding="customBinding"
bindingConfiguration="DPCustomHttpBindingWithSSL" contract="ServiceRef.smssoap"
name="smsEndpoint">
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" findValue="myserver" />
</identity>
</endpoint>
</client>
</system.serviceModel>
如您所见,我尝试了 basicHttpBinding 和 customBinding(使用在线工具 http://webservices20.cloudapp.net/default.aspx 转换),我尝试设置不同的设置组合变体,但仍然出现此错误。
有什么想法吗?取消响应证书签名验证也是一个选项,但是我该如何设置呢??