编辑:我有点忘了这个问题!我最终重新映射配置,错误消失了,我找不到原因。
我有一个托管在 IIS 上的 WCF 服务,以及一个尝试连接到它的 Windows 窗体客户端。
WCF 服务应该是安全的,因此 IIS 网络应用程序被配置为使用由域(CA 在域上)颁发给我们开发环境的“本地主机”的证书。
IIS 上的 SSL 设置设置为“需要 SSL”和“客户端证书 = 需要”。
WCF服务使用自定义绑定(bind),在web.config中配置如下:
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
</diagnostics>
<services>
<service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
<!--<identity>
<dns value="localhost" />
</identity>-->
</endpoint>
<!--<host>
<baseAddresses>
<add baseAddress="http://localhost:8999/" />
</baseAddresses>
</host>-->
</service>
</services>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration">
<MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SpecificBehaviorType">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
为了使客户端能够连接到服务,我们将“localhost”证书导出为“localhost.cer”文件并在我们的代码中使用该文件(这应该是另一个特定于客户端的可信证书,但我们正在使用用于测试目的的本地主机)。 客户端配置以编程方式完成(据我所知没有具体原因)。
客户端代码如下:
Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
'TODO: set quotas for message size
Dim binding As New CustomBinding()
binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
'TODO: make configurable to support both http and https
If isHttps Then
Dim httpsBinding As New HttpsTransportBindingElement
binding.Elements.Add(httpsBinding)
Else
Dim transport As New HttpTransportBindingElement()
binding.Elements.Add(transport)
End If
Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))
channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))
If isHttps Then
For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
If TypeOf channelFactory.Endpoint.Behaviors(counter) Is System.ServiceModel.Description.ClientCredentials Then
CType(channelFactory.Endpoint.Behaviors(counter), System.ServiceModel.Description.ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
Exit For
End If
Next
End If
channelFactory.Open()
Dim channel = channelFactory.CreateChannel()
channel.Open()
现在的问题是,一旦我们尝试建立连接,我们就会得到“HTTP 请求被客户端身份验证方案‘匿名’禁止”
我们试图改变:
httpsBinding.AuthenticationScheme
但没用。
我错过了什么?
最佳答案
您是否尝试配置 IIS 客户端证书映射? 看看这篇文章http://www.iis.net/configreference/system.webserver/security/authentication/iisclientcertificatemappingauthentication
关于WCF 错误 "HTTP request was forbidden with client authentication scheme ' 匿名'”,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15288078/