我有 WCF 服务。我要求客户使用证书进行身份验证。
这是服务配置:
<system.serviceModel>
<services>
<service name="FilmLibrary.FilmManager" behaviorConfiguration="FilmService.Service1Behavior">
<endpoint address="manager" name="certBinding" binding="basicHttpBinding" contract="FilmContract.IFilmManager" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="certBinding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="FilmService.Service1Behavior">
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine"
certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
公钥安装在LocalMachine, Trusted People
客户端配置如下:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="certBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="certBehaviour">
<clientCredentials>
<clientCertificate findValue="SubjectKey" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="[...]/Service1.svc/manager"
binding="basicHttpBinding" bindingConfiguration="certBinding" behaviorConfiguration="certBehaviour"
contract="FilmsService.IFilmManager" name="certBinding" />
</client>
</system.serviceModel>
私钥安装在个人、当前用户中。
没有安全性,服务就起作用了。启用安全性 - 它没有。我尝试了几种配置,但遇到了诸如身份验证失败或必须在 clientCredentials 元素中设置服务证书之类的错误。我不明白,因为我根本不想验证服务。
最佳答案
我发现以下指南非常有用且非常详细。
https://notgartner.wordpress.com/2007/09/06/using-certificate-based-authentication-and-protection-with-windows-communication-foundation-wcf/
它包括创建服务、客户端、证书和调整 2 个配置。
服务器:
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<!--only accept certificates in "Trusted People"-->
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
客户:
<bindings>
<basicHttpBinding>
<binding name="customBinding1">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="customBehavior1">
<clientCredentials>
<!--fabrkam-->
<clientCertificate storeName="My" storeLocation="CurrentUser" x509FindType="FindByThumbprint" findValue="d2 31 6a 73 1b 59 68 3e 74 41 09 27 8c 80 e2 61 45 03 b1 7e"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
我们将任何 HTTP 请求自动重定向到 HTTPS,因此我们必须使用 TransportWithMessageCredential 类型安全性。对于仅使用 Message 作为安全类型的普通 Http 也应该有效。
关于wcf - 如何设置 WCF 安全以要求客户端证书?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/1853123/