具有传输安全性的 WCF 自托管服务(身份验证失败,因为远程方已关闭传输流。)

发布于 2024-07-06 10:13:12 字数 555 浏览 12 评论 0原文

我有一个自托管服务,我想为其添加传输安全性。 我已将 WSHttpBinding.SecurityMode 设置为 Transport,将 ClientCredentialType 设置为 HttpClientCredentialType.None。 我已经创建了一个证书并将其设置为我的主机 ServiceHost.Credentials.ServiceCertificate.SetCertificate() 我也使用它注册了 netsh http add sslcert ipport=127.0.0.1:80 certhash=[MyCertHash] certstorename=MY appid=[TheGuidOfTheAppTahtRunsTheService] verifyclientcertreplication=disable

每当我尝试调用该服务时,都会收到以下错误消息: “身份验证失败,因为远程方已关闭传输流。”

这是否意味着客户端和服务器尝试相互验证? 我怎样才能禁用它? 为了清楚起见,我不想在客户端安装证书,我不是在寻找任何身份验证 atm,只是保护消息内容(如果可能的话)。

I have a self-hosted service that I want to add transport security to.
I've set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None.
I've created a certificate and set it to my host with
ServiceHost.Credentials.ServiceCertificate.SetCertificate()
I've also registered it using
netsh http add sslcert ipport=127.0.0.1:80 certhash=[MyCertHash] certstorename=MY appid=[TheGuidOfTheAppTahtRunsTheService] verifyclientcertrevocation=disable

I'm getting the following error message whenever I try to call the service:
"Authentication failed because the remote party has closed the transport stream."

Does this mean the the client and server try to authenticate each other? How can I disable it?
To make things clear, I do not want to install a certificate at the client, I'm not looking for any authentication atm, just securing the messages content, if that's even possible.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

酷炫老祖宗 2024-07-13 10:13:12

此 MSDN 帖子 可能有助于解决您的问题。 帖子中的最初请求是配置与您不同的安全模式,但他们切换到传输模式进行故障排除,并且该信息应适用于您的情况。

如果您所描述的就是安装证书所需的全部操作,那么您就缺少了几个步骤。 该帖子概述了安装有效证书的过程。 祝你好运!!

This MSDN post may help solve your problem. The initial request in the post is to configure a different security mode than yours but they switch to Transport mode for troubleshooting and that info should apply to your situation.

If what you describe is all you've done to install the certificate then you're missing a few steps. The post outlines the process to get a valid certificate installed. Good luck!!

遇见了你 2024-07-13 10:13:12

有时,证书对于开始工作来说可能是一件痛苦的事。 使用 WCF 时,您应该做的第一件事就是打开跟踪:

http://msdn .microsoft.com/en-us/library/ms733025.aspx

然后,您可以使用 SVCTraceViewer 查看您的服务在幕后生成的异常,并深入了解正在发生的情况,这是必须的有许多 WCF 问题。 十分之九,跟踪会告诉您需要知道的一切。

另外,请确保客户端和服务器都配置了证书,因为证书需要安装在两台计算机上。

Certificates can be a pain in the ass some times to get working. First thing you should always do with WCF is turn on tracing:

http://msdn.microsoft.com/en-us/library/ms733025.aspx

Then, you can use SVCTraceViewer to view the exceptions that your service is generating behind the scenes and get a little insight into what is happening, which is a must with many WCF problems. 9 out of 10 times, the trace will tell you everything you need to know.

Also, make sure that both the client and the server have the certificate configured, since the certificate needs to be installed on both machines.

嘿咻 2024-07-13 10:13:12

我试图找出同样的错误,并发现了这篇文章。 WCF 跟踪没有帮助,因为错误出现在 HTTP 堆栈的客户端上,而在服务器端,请求在到达 WCF 层之前就被拒绝。

我发现我做的还不够彻底。 确保满足以下所有条件。 我已经正确设置了一些但并非全部:

  1. 服务器的证书颁发者具有有效且匹配的颁发者
    同一台计算机上受信任的根 CA。

  2. 服务器证书使用者名称与计算机名称匹配
    完全一致,并且客户端正在访问的计算机名称也匹配(“localhost”与服务器的 Environment.MachineName 值)

  3. 服务器证书的指纹
    已由管理员设置
    使用以下命令(使用
    netsh 相当于较新版本的 Windows)

    httpcfg set ssl -i 0.0.0.0:{端口} -h {指纹} 
      
  4. 此客户端在客户端计算机上也具有相同的有效颁发根 CA 证书。

这是一个很好的参考:SSL 与自托管 WCF 服务

I was trying to track down this same error, and came across this post. WCF tracing doesn't help as the error appears on the client side in the HTTP stack, and on the server side the request is rejected before it ever makes it to the WCF layer.

I found that I wasn't being thorough enough. Make sure all the following conditions are met. I had some but not all of these properly set up:

  1. The server's certificate issuer has a valid and matching issuing
    trusted root CA on the same machine.

  2. The server certificate subject name matches the machine name
    exactly, and the machine name the client is accessing matches as well ("localhost" vs the server's Environment.MachineName value)

  3. The server certificate's thumbprint
    has been set by an Administrator
    using the following command (use
    netsh equivalent for newer versions of Windows)

    httpcfg set ssl -i 0.0.0.0:{port} -h {thumbprint}
    
  4. This client also has the same valid issuing root CA certificate on the client machine.

Here's a good reference: SSL with Self-hosted WCF Service.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文