我已经创建了一个 wcf 数据服务并通过 HTTP 公开它,需要 SSL。 我正在尝试进行设置,其中服务和客户端都通过证书进行身份验证(相互身份验证)。 我正在使用开发人员证书。 所以,我将服务器的证书添加到客户端的可信人员存储中。
但我仍然遇到异常:“403 - 禁止访问:访问被拒绝。”
1- 这是我的服务器配置:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
</behaviors>
<services>
<service behaviorConfiguration="" name="PricingDataService">
<endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
name="webHttpEndpoint" contract="System.Data.Services.IRequestHandler" />
</service>
</services>
How do I make the server to recognise the client's certificate ? (it should be a developer certificate as well).
2- 这是我的客户端配置:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="clientCredentialBehavior">
<clientCredentials>
<clientCertificate storeName="TrustedPeople" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" findValue="tempClientcert" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
contract="System.Data.Services.IRequestHandler" name="" kind=""
endpointConfiguration="" behaviorConfiguration="clientCredentialBehavior">
<identity>
<dns value="MyServiceSecure"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
3- 这是我用来调用 wcf 代码的代码:
> MyServiceContext service = new MyServiceContext (
new Uri("https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"));
service.SendingRequest += this.OnSendingRequest_AddCertificate;
//
private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
{
if (null != ClientCertificate)
(args.Request as HttpWebRequest).ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:\Localhost.cer"););
}
do I create a certificate on the server and then install it on the client ?
最佳答案
我认为您的证书可能有误,但首先要在 IIS 中验证网站“SSL 设置”下的“客户端证书”是否设置为接受或要求(以最适合您的方式)。
我相信出于您的目的,在 IIS 中为服务器创建自签名证书,然后将此证书导出到 .pfx 文件并将其安装在您受信任的根中应该可行。
如果这对您没有帮助,我会看看这个问题:Using makecert for Development SSL
关于c# - WCF 和 SSL 相互身份验证 403 - 禁止 : Access is denied,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5572566/