C# WCF and certificates FaultException

Posted on 2024-09-18 09:02:05

I would like to implement a WCF service with server and client certificates.

When I try to connect to the service on IIS I get the following error:

Test method TestProject1.UnitTest1.TestMethod1 threw exception: System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The request for security token has invalid or malformed elements..

My web.config:

<system.serviceModel>
    <bindings>
       <wsHttpBinding>
          <binding name="DotNetStoreBinding" receiveTimeout="00:00:15">
             <reliableSession inactivityTimeout="00:00:20" />
             <security mode="Message">
                <message clientCredentialType="Certificate"/>
             </security>
          </binding>
       </wsHttpBinding>
    </bindings>
    <services>
        <service behaviorConfiguration="ServiceBehavior" name="WcfServiceCustumer.Service1">
            <endpoint binding="wsHttpBinding" contract="WcfServiceCustumer.IService1">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
                <serviceCredentials>
                    <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=DotNetStore" />
                    <clientCertificate>
                      <certificate storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" findValue="CN=Bob"/>
                      <authentication certificateValidationMode="PeerTrust" />
                    </clientCertificate>
                </serviceCredentials>
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

After I created the server, I created a new project and added a service reference. I call the service like this:

EndpointAddress address = new EndpointAddress(
        new Uri("http://localhost/CustomerServiceSite/Customer.svc"),
        EndpointIdentity.CreateDnsIdentity("DotNetStore"),
        new AddressHeaderCollection()
    );

WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

var client = new CustomerService.Service1Client(binding, address);

client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Bob");

IList<Product> allProducts = client.GetAllProducts();

Any help would be appreciated.


Comments (1)

你是我的挚爱i 2024-09-25 09:02:05

The problem was occurring because of certificates. I did not have correct pairs on client and service.

A good description of how to correctly use certificates can be found here:
http://www.codeproject.com/KB/WCF/9StepsWCF.aspx?msg=3181718
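
An added example, not part of the original answer or the linked article: a C# console check of the certificate pairing the answer refers to, using the subject names and store locations from the question's web.config and client code. The client-side TrustedPeople location (CurrentUser) is an assumption, since the post does not set a trusted store location; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertPairingCheck
{
    // Looks up one certificate by subject DN and describes what was found.
    static string Check(StoreLocation location, StoreName name, string subjectDn, bool needPrivateKey)
    {
        var store = new X509Store(name, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so self-signed test certificates are not filtered out.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectDn, false);

            if (found.Count == 0) return "MISSING";
            if (found.Count > 1) return "AMBIGUOUS (" + found.Count + " matches)";

            X509Certificate2 cert = found[0];
            if (needPrivateKey && !cert.HasPrivateKey) return "NO PRIVATE KEY " + cert.Thumbprint;
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                return "OUTSIDE VALIDITY PERIOD " + cert.Thumbprint;
            return "OK " + cert.Thumbprint;
        }
        finally
        {
            store.Close();
        }
    }

    static void Report(string side, StoreLocation location, StoreName name, string dn, bool key)
    {
        Console.WriteLine("{0,-8} {1}\\{2} {3}: {4}", side, location, name, dn, Check(location, name, dn, key));
    }

    static void Main()
    {
        // Service side (stores taken from the web.config in the question).
        Report("service", StoreLocation.LocalMachine, StoreName.My, "CN=DotNetStore", true);
        Report("service", StoreLocation.LocalMachine, StoreName.TrustedPeople, "CN=Bob", false);

        // Client side. CurrentUser\My comes from the question's SetCertificate call;
        // CurrentUser\TrustedPeople is an assumption (no trusted store location is set in the post).
        Report("client", StoreLocation.CurrentUser, StoreName.My, "CN=Bob", true);
        Report("client", StoreLocation.CurrentUser, StoreName.TrustedPeople, "CN=DotNetStore", false);
    }
}
```

The two CN=Bob lines should report the same thumbprint, and so should the two CN=DotNetStore lines; certificates that share a subject but differ in thumbprint are different certificates. HasPrivateKey does not show whether the IIS application pool identity is allowed to read the key, which is a separate permission check.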
