通过证书身份验证实现传输安全
当我访问我的 web 服务 localhost/MyService/MyService.svc 时,出现以下错误
服务“SslRequireCert”的 SSL 设置与 IIS“Ssl, SslNegotiateCert”的 SSL 设置不匹配。
我已按照 http://msdn.microsoft 中指定的 web.config 示例进行操作.com/en-us/library/ms731074.aspx
这是我的 wcf 服务器 web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings />
<system.web>
<identity impersonate="false" />
<roleManager enabled="true" />
<authentication mode="Windows" />
<customErrors mode="Off" />
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" roles="" />
</authorization>
</security>
</system.webServer>
<system.serviceModel>
<services>
<service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
<endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceMetadata />
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine"
revocationMode="Online"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="CertificateWithTransportWSHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
我已按如下方式配置 IIS:
- 使用自签名证书添加 https 绑定
- 在 SSL 设置下,需要 SSL 并接受客户端证书已选中
- 自签名证书已添加到本地计算机受信任的根 CA。
我可以浏览并执行 .asmx 服务定义,但 .svc 给出上述错误。
I'm getting the following error when I access my webservice localhost/MyService/MyService.svc
The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'.
I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx
Here is my wcf server web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings />
<system.web>
<identity impersonate="false" />
<roleManager enabled="true" />
<authentication mode="Windows" />
<customErrors mode="Off" />
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" roles="" />
</authorization>
</security>
</system.webServer>
<system.serviceModel>
<services>
<service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
<endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceMetadata />
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine"
revocationMode="Online"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="CertificateWithTransportWSHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
I've configured IIS as follows:
- https binding added using self signed certificate
- Under SSL settings, require SSL and accept client certificates is checked
- The self signed certificate has been added to the Local Computer Trusted Root CA.
I can browse and execute the .asmx service definition, but the .svc gives me the error described above.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
尝试注释掉您的 mex 端点。这应该可以让它工作
Try to comment out your mex endpoint. That should get it working
过程
在你的网络配置中像这样修改它
在您的 MEX 端点中设置绑定 =“wsHttpsBinding”
如果您执行了所有操作如上所述,您应该启动并运行 SSL WCF 服务。
Here's the process
In your web config modify it like so
In your MEX endpoint set the binding="wsHttpsBinding"
If you do all of that above you should be up and running with an SSL WCF Service.
我为此苦恼了至少 2-3 个小时,并忽略了上面关于注释掉您的 mex 端点的回复。
事实证明这就是我的答案,所以只是想重申上面的答案。请参阅上述帖子中步骤 7 底部的评论:
http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorization-with-wcf-in-development-environments.aspx
I was banging my head on this for at least 2-3 hours, and overlooked the response above about commenting out your mex endpoint.
This proved to be the answer for me so just wanted to re-enforce the answer above. See the comment at the bottom of Step 7 in the above post:
http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorisation-with-wcf-in-development-environments.aspx