WCF、HTTPS 与 HTTP
有两个示例
对于 HTTP
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
namespace ConsoleApplication1
{
internal class Program
{
private static void Main(string[] args)
{
string addressHttps = String.Format("http://{0}:51222", Dns.GetHostEntry("").HostName);
var wsHttpBinding = new BasicHttpBinding();
var serviceHost = new ServiceHost(typeof (HelloWorldService), new Uri(addressHttps));
Type endpoint = typeof (IHelloWorldService);
serviceHost.AddServiceEndpoint(endpoint, wsHttpBinding, "hello");
Uri uri = new Uri(serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri + "/mex");
var smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
smb.HttpGetUrl = uri;
serviceHost.Description.Behaviors.Add(smb);
Console.Out.WriteLine("Mex address " + smb.HttpGetUrl);
try
{
serviceHost.Open();
string address = serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri;
Console.WriteLine("Listening @ {0}", address);
Console.WriteLine("Press enter to close the service");
Console.ReadLine();
serviceHost.Close();
}
catch (CommunicationException ce)
{
Console.WriteLine("A commmunication error occurred: {0}", ce.Message);
Console.WriteLine();
}
catch (Exception exc)
{
Console.WriteLine("An unforseen error occurred: {0}", exc.Message);
Console.ReadLine();
}
}
}
[ServiceContract]
public interface IHelloWorldService
{
[OperationContract]
string SayHello(string name);
}
public class HelloWorldService : IHelloWorldService
{
#region IHelloWorldService Members
public string SayHello(string name)
{
return string.Format("Hello, {0}", name);
}
#endregion
}
}
:对于 HTTPS
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
namespace ConsoleApplication1
{
internal class Program
{
private static void Main(string[] args)
{
string addressHttps = String.Format("https://{0}:51222", Dns.GetHostEntry("").HostName);
var wsHttpBinding = new BasicHttpBinding();
wsHttpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
var serviceHost = new ServiceHost(typeof (HelloWorldService), new Uri(addressHttps));
Type endpoint = typeof (IHelloWorldService);
serviceHost.AddServiceEndpoint(endpoint, wsHttpBinding, "hello");
serviceHost.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName, "nameofsertificate");
serviceHost.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
Uri uri = new Uri(serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri + "/mex");
var smb = new ServiceMetadataBehavior();
smb.HttpsGetEnabled = true;
smb.HttpsGetUrl = uri;
serviceHost.Description.Behaviors.Add(smb);
Console.Out.WriteLine("Mex address " + smb.HttpsGetUrl);
try
{
serviceHost.Open();
string address = serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri;
Console.WriteLine("Listening @ {0}", address);
Console.WriteLine("Press enter to close the service");
Console.ReadLine();
serviceHost.Close();
}
catch (CommunicationException ce)
{
Console.WriteLine("A commmunication error occurred: {0}", ce.Message);
Console.WriteLine();
}
catch (Exception exc)
{
Console.WriteLine("An unforseen error occurred: {0}", exc.Message);
Console.ReadLine();
}
}
public static bool ValidateCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
{
foreach (X509ChainStatus chainStatus in chain.ChainStatus)
{
if (chainStatus.Status == X509ChainStatusFlags.Revoked)
{
return true;
}
}
}
return false;
}
}
[ServiceContract]
public interface IHelloWorldService
{
[OperationContract]
string SayHello(string name);
}
public class HelloWorldService : IHelloWorldService
{
#region IHelloWorldService Members
public string SayHello(string name)
{
return string.Format("Hello, {0}", name);
}
#endregion
}
}
这些示例启动时没有错误,但如果我尝试创建客户端,我会遇到两种不同的情况:
HTTP - 使用地址成功创建客户端
http://localhost:51222/hello/mex
和 HTTPS失败的。 HTTPS 的地址是:
https://localhost:51222/hello/mex
HTTPS 的错误消息是:
下载时出错
https://localhost:51222/hello/mex。 底层连接已关闭: 发生意外错误 发送。身份验证失败,因为 远程方已关闭 传输流。元数据包含一个 无法解决的参考:https://localhost:51222/hello/mex。 制作时发生错误 HTTP 请求到https://localhost:51222/hello/mex。 这可能是由于以下事实: 服务器证书未配置 正确使用 HTTPS 中的 HTTP.SYS 案件。这也可能是由 安全绑定不匹配 客户端和服务器之间。这 底层连接已关闭: 发送时发生意外错误。 身份验证失败,因为 远程方已关闭传输 溪流。如果服务定义在 当前的解决方案,尝试构建 解决方案并添加服务 再次参考。
我哪里做错了?
There are two samples
For HTTP:
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
namespace ConsoleApplication1
{
internal class Program
{
private static void Main(string[] args)
{
string addressHttps = String.Format("http://{0}:51222", Dns.GetHostEntry("").HostName);
var wsHttpBinding = new BasicHttpBinding();
var serviceHost = new ServiceHost(typeof (HelloWorldService), new Uri(addressHttps));
Type endpoint = typeof (IHelloWorldService);
serviceHost.AddServiceEndpoint(endpoint, wsHttpBinding, "hello");
Uri uri = new Uri(serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri + "/mex");
var smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
smb.HttpGetUrl = uri;
serviceHost.Description.Behaviors.Add(smb);
Console.Out.WriteLine("Mex address " + smb.HttpGetUrl);
try
{
serviceHost.Open();
string address = serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri;
Console.WriteLine("Listening @ {0}", address);
Console.WriteLine("Press enter to close the service");
Console.ReadLine();
serviceHost.Close();
}
catch (CommunicationException ce)
{
Console.WriteLine("A commmunication error occurred: {0}", ce.Message);
Console.WriteLine();
}
catch (Exception exc)
{
Console.WriteLine("An unforseen error occurred: {0}", exc.Message);
Console.ReadLine();
}
}
}
[ServiceContract]
public interface IHelloWorldService
{
[OperationContract]
string SayHello(string name);
}
public class HelloWorldService : IHelloWorldService
{
#region IHelloWorldService Members
public string SayHello(string name)
{
return string.Format("Hello, {0}", name);
}
#endregion
}
}
For HTTPS
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
namespace ConsoleApplication1
{
internal class Program
{
private static void Main(string[] args)
{
string addressHttps = String.Format("https://{0}:51222", Dns.GetHostEntry("").HostName);
var wsHttpBinding = new BasicHttpBinding();
wsHttpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
var serviceHost = new ServiceHost(typeof (HelloWorldService), new Uri(addressHttps));
Type endpoint = typeof (IHelloWorldService);
serviceHost.AddServiceEndpoint(endpoint, wsHttpBinding, "hello");
serviceHost.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName, "nameofsertificate");
serviceHost.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
Uri uri = new Uri(serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri + "/mex");
var smb = new ServiceMetadataBehavior();
smb.HttpsGetEnabled = true;
smb.HttpsGetUrl = uri;
serviceHost.Description.Behaviors.Add(smb);
Console.Out.WriteLine("Mex address " + smb.HttpsGetUrl);
try
{
serviceHost.Open();
string address = serviceHost.Description.Endpoints[0].ListenUri.AbsoluteUri;
Console.WriteLine("Listening @ {0}", address);
Console.WriteLine("Press enter to close the service");
Console.ReadLine();
serviceHost.Close();
}
catch (CommunicationException ce)
{
Console.WriteLine("A commmunication error occurred: {0}", ce.Message);
Console.WriteLine();
}
catch (Exception exc)
{
Console.WriteLine("An unforseen error occurred: {0}", exc.Message);
Console.ReadLine();
}
}
public static bool ValidateCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
{
foreach (X509ChainStatus chainStatus in chain.ChainStatus)
{
if (chainStatus.Status == X509ChainStatusFlags.Revoked)
{
return true;
}
}
}
return false;
}
}
[ServiceContract]
public interface IHelloWorldService
{
[OperationContract]
string SayHello(string name);
}
public class HelloWorldService : IHelloWorldService
{
#region IHelloWorldService Members
public string SayHello(string name)
{
return string.Format("Hello, {0}", name);
}
#endregion
}
}
These samples are starting without errors, but if I try to create clients I have two different situations:
HTTP - the client was created successful using address
http://localhost:51222/hello/mex
And HTTPS failed. The address for HTTPS is:
https://localhost:51222/hello/mex
The error message for HTTPS is:
There was an error downloading
https://localhost:51222/hello/mex.
The underlying connection was closed:
An unexpected error occurred on a
send. Authentication failed because
the remote party has closed the
transport stream. Metadata contains a
reference that cannot be resolved:https://localhost:51222/hello/mex.
An error occurred while making the
HTTP request tohttps://localhost:51222/hello/mex.
This could be due to the fact that the
server certificate is not configured
properly with HTTP.SYS in the HTTPS
case. This could also be caused by a
mismatch of the security binding
between the client and the server. The
underlying connection was closed: An
unexpected error occurred on a send.
Authentication failed because the
remote party has closed the transport
stream. If the service is defined in
the current solution, try building the
solution and adding the service
reference again.
Where did I make a mistake?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我找到了如何解决这个问题的解决方案。所以,服务器的正确代码是:
以及与证书相关的一些情况:
- 生成证书:
添加监听的url
httpcfg set urlacl -u https://*:9010/ -a D:(A;;GX;;;S-1-5-21-1144070942-1563683482-3278297161-1114)
对 http 说.sys 了解端口 9010 上的 ssl 证书
httpcfg set ssl /i 0.0.0.0:9010 /h 8c6e12be5371860adfb84cd2ed2351a900731bb8 /g“{a2c24c79-b0ef-4783-8ed8-d93836fec137}”
所有工作都没有问题。
I found solution how to decided this problem. So, the correct code of server is:
And a few cases related to certificate:
- generating certificate:
adding url to listening
httpcfg set urlacl -u https://*:9010/ -a D:(A;;GX;;;S-1-5-21-1144070942-1563683482-3278297161-1114)
say to the http.sys to know about ssl certificate on the port 9010
httpcfg set ssl /i 0.0.0.0:9010 /h 8c6e12be5371860adfb84cd2ed2351a900731bb8 /g "{a2c24c79-b0ef-4783-8ed8-d93836fec137}"
And all works without problems.
查看此答案:如何以编程方式安装自托管 WCF 服务的 SSL 证书。
Check out this answer: How to programatically install an SSL certificate for a self-hosted WCF service.
您是否将 httpsGetUri 设为与您的 mex 端点地址相同? httpsGetUri 用于发布 WSDL,而不是为 mex 端点提供服务。你应该弄清楚这一点。
Could it be that you're making the httpsGetUri the same as your mex endpoint address? httpsGetUri is for publishing the WSDL, not servicing mex endpoints. You should clear that up.