当前位置：文江博客话题详情

自托管 WCF 服务器 - 从文件而不是证书存储加载证书

发布于 2024-10-07 22:08:48 字数 84 浏览 5 评论 0原文

我目前正在使用 wcf 服务器，希望从文件/资源而不是证书存储加载我的证书，以使部署更容易。有什么想法如何做到这一点？

感谢您的帮助！

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

·深蓝 2024-10-14 22:08:48

假设您使用的是双工通道，您可以按如下方式从文件加载证书：

//Load certificate file with private key
var certificate = new X509Certificate2("c:\certificate.pfx", "password");

//Configure your server by to use certificate, for example:
var host = new ServiceHost(typeof(YourService), 
                         new Uri("Your service's uri"));
host.Credentials.ServiceCertificate.Certificate = certificate;

//configure your server to accept client's certificate , accept all
//certificate in this case, or you can assign it to the public key file
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode
                           = X509CertificateValidationMode.None;

在您的客户端代码中，按照与上面相同的方式加载证书

//configure your client to use certificate
var channelFactory = new ChannelFactory<IYourService>();
channelFactory.Credentials.ClientCertificate.Certificate = 
                                             clientCertificate;

//configure your client to accept server's certificate, 
//again, for simplicity, just accept any server's certificate
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode
                           = X509CertificateValidationMode.None;

我认为从这一点来看您应该没问题。请记住，如果从文件加载，则必须加载由 pvk2pfx.exe 生成的 .pfx 文件，它同时具有私钥和公钥。否则 WCF 将会对在哪里查找私钥感到困惑。

Suppose you are using duplex channel,you can load certificate from file as the following:

//Load certificate file with private key
var certificate = new X509Certificate2("c:\certificate.pfx", "password");

//Configure your server by to use certificate, for example:
var host = new ServiceHost(typeof(YourService), 
                         new Uri("Your service's uri"));
host.Credentials.ServiceCertificate.Certificate = certificate;

//configure your server to accept client's certificate , accept all
//certificate in this case, or you can assign it to the public key file
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode
                           = X509CertificateValidationMode.None;

In your client's code, load the certificate as same as above

//configure your client to use certificate
var channelFactory = new ChannelFactory<IYourService>();
channelFactory.Credentials.ClientCertificate.Certificate = 
                                             clientCertificate;

//configure your client to accept server's certificate, 
//again, for simplicity, just accept any server's certificate
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode
                           = X509CertificateValidationMode.None;

I think you should be okay from this point. Just remember that if you load from a file, you have to load the .pfx file which is generated by pvk2pfx.exe , it has both private key and public key. Otherwise WCF will get confused to where to lookup for private key.

回复收藏 0 原文