我是 WCF 的新手。我为客户端创建了一个自托管的 WCF 服务器,它是一个 Java 休息客户端。客户端和服务器之间的通信应该通过两端的 ssl 证书相互认证。因此在通信过程中,客户端需要发送证书。客户端证书需要在服务器上进行自定义验证。 我认为单向通信进行得很好,但服务器无法验证客户端证书。实际上,自定义验证器代码并未自行执行。
在服务器跟踪中,我看到两次“找不到配置评估上下文”,猜测配置文件有问题
我的配置文件如下:
<configuration>
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="All, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="xml" />
</listeners>
</source>
</sources>
<sharedListeners>
<add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\log\Traces.svclog" />
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="mybinding">
<transactionFlow />
<textMessageEncoding />
<httpsTransport requireClientCertificate="true" />
<security authenticationMode="MutualSslNegotiated"/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="behaviour">
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="myproject.MyX509CertificateValidator,myproject"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="myHost" behaviorConfiguration="behaviour">
<endpoint address="" contract="IIWCFServer" binding="customBinding" bindingConfiguration="mybinding" />
<endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding"/>
</service>
</services>
<diagnostics>
<messageLogging logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logMalformedMessages="true"
maxMessagesToLog="5000"
maxSizeOfMessageToLog="2000">
</messageLogging>
</diagnostics>
</system.serviceModel>
</configuration>
我已经浏览了 100 多篇文章,但无法找到解决方案。任何建议都会有所帮助。
XML 异常的详细内容如下。如果我可以从任何其他地方获取错误详细信息,请告诉我。
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>524312</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2014-04-21T09:09:53.2168282Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{28fb55cc-1d5f-4a5a-a76e-5939a733b8f1}" />
<Execution ProcessName="testServer.vshost" ProcessID="2368" ThreadID="9" />
<Channel />
<Computer>WGP-PRINT-145</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-IN/library/System.ServiceModel.EvaluationContextNotFound.aspx</TraceIdentifier>
<Description>Configuration evaluation context not found.</Description>
<AppDomain>testServer.vshost.exe</AppDomain>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
最佳答案
对我有用的代码如下:
String port = 443;
String certificateSubject = "Mymachine";
String urlString = String.Format("https://{0}:{1}/",System.Net.Dns.GetHostEntry("").HostName, port);
Uri httpUrl = new Uri(urlString);
ServiceHost host = new WebServiceHost(typeof(mynamespace.myclass), httpUrl);
WebHttpBinding wsBinding = new WebHttpBinding();
wsBinding.Security.Mode = WebHttpSecurityMode.Transport;
wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
host.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
certificateSubject);
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
host.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator();
host.AddServiceEndpoint(typeof(myinterface), wsBinding, httpUrl);
关于WCF 2-way ssl 不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23192549/