c# - 带有 X.509 证书连接错误的 Wcf 自托管服务

标签 c# wcf wcf-security

我有一个在 Windows XP 上运行的自托管 Wcf 服务,我正在尝试使用证书来确保消息安全。这是通过服务和客户端配置文件完成的。服务和客户端都在同一台机器上运行,我已经使用 makecert.exe 为两者创建了证书。当我使用 clientCredentialType="Windows" 时一切正常,但是当我修改配置文件改用证书时就不再工作了。问题是,当我尝试从客户端连接到服务时出现以下异常:

异常类型:System.ServiceModel.Security.SecurityNegotiationException,System.ServiceModel,Version=3.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089

消息:传入的二进制协商具有无效的 ValueType http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego .

我的配置设置是:

服务配置:

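<?xml version="1.0" encoding="utf-8" ?>
<!-- Service-side configuration: self-hosted wsHttpBinding endpoint secured at the
     message level with an X.509 client certificate. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding0" closeTimeout="00:10:00" sendTimeout="00:10:00">
          <!-- No mode attribute is given; wsHttpBinding defaults to Message security, which
               matches the client binding's mode="Message". Only <message> applies in that mode,
               so the commented-out <transport> element would have no effect anyway. -->
          <security>
            <!-- <transport clientCredentialType="Certificate"/> -->
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CommMgr.ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
          <!-- includeExceptionDetailInFaults="true" sends exception details (stack traces,
               internal type names) to every caller; keep it only while troubleshooting. -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
            <!--
              <authentication certificateValidationMode="PeerTrust"/>
              -->
              <!-- certificateValidationMode="None" means the client certificate is never
                   validated: any certificate, self-signed by anyone, is accepted, so the
                   caller is not actually authenticated. For makecert test certificates use
                   PeerTrust with the client certificate placed in the TrustedPeople store;
                   for CA-issued certificates use ChainTrust. -->
              <authentication certificateValidationMode="None"/>
            </clientCertificate>           
            <!-- Looked up by subject name in CurrentUser\My. FindBySubjectName matches on the
                 subject string, so make sure exactly one "WcfServer" certificate (with its
                 private key) exists in that store. -->
            <serviceCertificate findValue="WcfServer" storeLocation="CurrentUser"
              storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="CommMgr.Service" behaviorConfiguration="CommMgr.ServiceBehavior">
        <!-- NOTE(review): this absolute endpoint address uses port 8002, while the base
             address below and the client endpoint (http://localhost:8080/Service) use
             port 8080. Confirm the client is meant to reach this endpoint. -->
        <endpoint address="http://localhost:8002/Service"
                  binding="wsHttpBinding"
                  name="DataService"
                  bindingNamespace="CommMgr"
                  contract="CommMgr.Service"
                  bindingConfiguration="wsHttpBinding0">
          <!--
          <identity>
            <dns value="localhost"/>
          </identity>  
          -->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8080/Service/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <!-- This element was left unclosed in the posted file, which makes the document not
       well-formed and therefore unloadable; an empty section is written self-closing. -->
  <connectionStrings />
</configuration>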

客户端配置:

<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side configuration for the wsHttpBinding endpoint (message security,
     X.509 client credential). -->
<configuration>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_Service" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="16384" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <!-- With mode="Message" only the <message> element is used; the <transport>
                         element below (Windows credential) has no effect in this mode. -->
                    <security mode="Message">
                        <!-- <transport clientCredentialType="Certificate"/> -->
                      <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
                      <!-- negotiateServiceCredential="true": the service certificate is obtained
                           through an in-band negotiation at call time. This appears to be the
                           "tlsnego" exchange named in the exception; with it set to "false" the
                           client must already hold the service certificate instead. -->
                      <message clientCredentialType="Certificate" negotiateServiceCredential="true" 
                                 algorithmSuite="Default" establishSecurityContext="true"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
      <behaviors>
        <endpointBehaviors>
          <behavior name="ClientCertificateBehavior">
            <clientCredentials>
              <!-- The client's own certificate, looked up by subject name in CurrentUser\My. -->
              <clientCertificate findValue="WcfClient" storeLocation="CurrentUser"
                storeName="My" x509FindType="FindBySubjectName" />
              <serviceCertificate>
                <!--
                <authentication certificateValidationMode="PeerTrust"/>
                -->
                <!-- certificateValidationMode="None": the client accepts whatever certificate
                     the remote side presents, so it cannot detect an endpoint impersonating
                     the service. Use PeerTrust (service certificate in the TrustedPeople
                     store) for makecert test certificates, ChainTrust for CA-issued ones. -->
                <authentication certificateValidationMode="None"/>
              </serviceCertificate>              
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
        <client>
            <endpoint address="http://localhost:8080/Service" behaviorConfiguration="ClientCertificateBehavior"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_Service"
                contract="ServiceReference.Service" name="WSHttpBinding_Service">
                <!-- <identity> states which certificate the client expects the SERVICE to present.
                     NOTE(review): the subject "WcfClient" and issuer "Root Agency" (the makecert
                     test root) are readable in the base64 below, so this encodedValue is the
                     client's own certificate, not the "WcfServer" certificate the service is
                     configured with. The identity would need the service certificate instead.
                     The certificate also appears to be a 1024-bit RSA key with an MD5 signature,
                     i.e. makecert defaults suitable for local testing only. -->
                <identity>
                    <!-- <dns value="WcfServer" /> -->
                  <certificate encodedValue="MIIBuTCCAWOgAwIBAgIQD6mW56bjgapOill7ECgRMzANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw0xMDA3MjAxODMwMThaFw0zOTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMTCVdjZkNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv2p/0NDo4iZU35gN+k7nGXe0LZWdnP9i4MHYD3IsFcZGIamMyXwRT8//3jx+1fs1xEb+8+QbZuj8TXt/7aX6x2kz2O5tynuholP35iObDqOd7nYSXN+70QDrZ/uktPOkLrw/nfrA8sK0aZCZjfiINHCRt/izJIzESOGzDOh1if0CAwEAAaNLMEkwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MA0GCSqGSIb3DQEBBAUAA0EALA+gVZDyjk4+qL7zAEV8esMX38X5QKGXHxBdd6K1+xApnSU79bRCWI9xU+HZ4rRhRJgtOdGQ1qfc9/WfvWXcYw=="/>
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

最佳答案

尝试关闭绑定中的 negotiateServiceCredential 设置:

<!-- Answer snippet: disable in-band negotiation of the service credential.
     Two things to keep in mind when applying it to the configuration above:
     1. clientCredentialType="UserName" here differs from the question's setup;
        keep clientCredentialType="Certificate" to stay with X.509 client authentication.
     2. With negotiateServiceCredential="false" the client no longer receives the
        service certificate at runtime, so it must be configured on the client in advance
        (e.g. <serviceCertificate><defaultCertificate .../></serviceCertificate> under
        <clientCredentials>, pointing at the "WcfServer" certificate) and should be
        validated with PeerTrust or ChainTrust rather than certificateValidationMode="None". -->
<wsHttpBinding>
  <binding >
    <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="false" />
    </security>
  </binding>
</wsHttpBinding>

关于c# - 带有 X.509 证书连接错误的 Wcf 自托管服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3301998/
