WCF wsdualhttpBinding 自定义用户名

发布于 2024-11-05 11:33:35 字数 2694 浏览 8 评论 0原文

我遇到了非常烦人的错误: 我的场景 - 使用 wsdualhttpbinding 在 WCF 中实现的简单消息/邮件服务器\客户端(双重回调,在线更新新消息)。

所有安全配置都是用代码编写的(根本没有 *.config)。第一次连接时,客户端抛出以下内容 [System.Security.Cryptography.CryptographicException] = {“长度错误。\r\n”} 具有 NULL 内部异常,因此不可能进行更深入的钻探。 服务器配置:

     WSDualHttpBinding binding = new   WSDualHttpBinding(WSDualHttpSecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        Uri baseServiceAddress = new Uri(@"http://"+Environment.MachineName+":7921/Mail/");                 
        host = new ServiceHost(theMightyMailServer,baseServiceAddress);             

        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root, X509FindType.FindByIssuerName, "MailServer");
        ServiceDebugBehavior d = new ServiceDebugBehavior();
        d.IncludeExceptionDetailInFaults = true;
        host.Description.Behaviors.Remove<ServiceDebugBehavior>();
        host.Description.Behaviors.Add(d);
        ServiceMetadataBehavior b = new ServiceMetadataBehavior();
        b.HttpGetEnabled = true;
        host.Description.Behaviors.Remove<ServiceMetadataBehavior>();
        host.Description.Behaviors.Add(b);
        var mexBinding = MetadataExchangeBindings.CreateMexHttpBinding();
        host.AddServiceEndpoint(typeof(IMailServer), binding, "Service");
        host.AddServiceEndpoint(typeof(IMetadataExchange),mexBinding,"");


        host.Open();

客户端配置:

           client = new MailServerReference.MailServerClient(new InstanceContext(this));

            client.ClientCredentials.UserName.UserName = currentUser.UserName;
            client.ClientCredentials.UserName.Password = currentUser.Password;
                client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,X509FindType.FindByIssuerName, "MailServer");
            currentUser.ID = client.getUID();
            client.RegisterOnServer(currentUser.ID);
            return true;

        }
        catch (Exception ex) { MessageBox.Show(ex.Message); return false; }

任何帮助将非常感激。顺便说一句,我是 WCF 的新手,所以也许我缺少一些基本概念。

I'v got very annoying error:
My scenario - simple message/mail server\client implemented in WCF with wsdualhttpbinding (dual for callbacks , online update on new message).

All security config is written in code (no *.config at all) . Upon first connection the client throws the following
[System.Security.Cryptography.CryptographicException] = {"Bad Length.\r\n"}
with NULL inner exception , so drilling deeper isn't possible .
Server configuration :

     WSDualHttpBinding binding = new   WSDualHttpBinding(WSDualHttpSecurityMode.Message);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        Uri baseServiceAddress = new Uri(@"http://"+Environment.MachineName+":7921/Mail/");                 
        host = new ServiceHost(theMightyMailServer,baseServiceAddress);             

        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root, X509FindType.FindByIssuerName, "MailServer");
        ServiceDebugBehavior d = new ServiceDebugBehavior();
        d.IncludeExceptionDetailInFaults = true;
        host.Description.Behaviors.Remove<ServiceDebugBehavior>();
        host.Description.Behaviors.Add(d);
        ServiceMetadataBehavior b = new ServiceMetadataBehavior();
        b.HttpGetEnabled = true;
        host.Description.Behaviors.Remove<ServiceMetadataBehavior>();
        host.Description.Behaviors.Add(b);
        var mexBinding = MetadataExchangeBindings.CreateMexHttpBinding();
        host.AddServiceEndpoint(typeof(IMailServer), binding, "Service");
        host.AddServiceEndpoint(typeof(IMetadataExchange),mexBinding,"");


        host.Open();

Client configuration :

           client = new MailServerReference.MailServerClient(new InstanceContext(this));

            client.ClientCredentials.UserName.UserName = currentUser.UserName;
            client.ClientCredentials.UserName.Password = currentUser.Password;
                client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,X509FindType.FindByIssuerName, "MailServer");
            currentUser.ID = client.getUID();
            client.RegisterOnServer(currentUser.ID);
            return true;

        }
        catch (Exception ex) { MessageBox.Show(ex.Message); return false; }

Any help would be very much appreciated.And BTW I am new to WCF , so maybe I am missing some basic concept .

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

葬花如无物 2024-11-12 11:33:35

我会尝试在客户端和服务器上将 ServiceCertificateClientCertificate 设置为相同的值。至少,我就是这样做的。已经有一段时间了,但我认为当只设置一个证书或另一个证书而不是同时设置两个证书时,我遇到了问题。


编辑附加信息:

在我的例子中,我使用 CustomBinding 而不是 WSDualHttpBinding 但我最终对双方的 ServiceCertificate 和 ClientCertificate 使用完全相同的证书(客户端和服务器)。

更具体地说,我有一个扩展 System.ServiceModel.Description.ServiceCredentials 的类

public class MyServiceCredentials : ServiceCredentials
{
    public MyServiceCredentials() : base()
    {
        LoadCertificate();
    }

    public MyServiceCredentials(MyServiceCredentials other) : base(other)
    {
        LoadCertificate();
    }

    private void LoadCertificate()
    {
        ServiceCertificate.Certificate = _cert;
        ClientCertificate.Certificate = _cert;
        ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
   }
}

,并且我将其中之一传递给客户端和服务器实现中的 CustomBinding 构造函数。

无论如何,我认为因为绑定的 Message 安全性已打开,所以它期望双向都有消息级安全性,因此双方都需要证书(ServiceCertificate 和 ClientCertificate)。

但我可能完全错了,我只是说;尝试一下,看看是否有帮助......

I would try setting the ServiceCertificate and ClientCertificate to the same thing on both the client and the server. At least, that is the way I've done this. It has been a while, but I think I had issues when only one certificate or the other was set, and not both.


Edit for additional info:

In my case, I use a CustomBinding instead of a WSDualHttpBinding but I ended up using the exact same certificate for the ServiceCertificate and ClientCertificate on both sides (client and server).

More specifically, I have a class that extends System.ServiceModel.Description.ServiceCredentials

public class MyServiceCredentials : ServiceCredentials
{
    public MyServiceCredentials() : base()
    {
        LoadCertificate();
    }

    public MyServiceCredentials(MyServiceCredentials other) : base(other)
    {
        LoadCertificate();
    }

    private void LoadCertificate()
    {
        ServiceCertificate.Certificate = _cert;
        ClientCertificate.Certificate = _cert;
        ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
   }
}

And I pass one of those to my CustomBinding constructor in both the client and server implementation.

Anyway, I think because Message security is turned on for the binding, it expects there to be message level security in both directions, so it needs a certificate on both sides (ServiceCertificate and ClientCertificate).

I could be completely wrong though, I'm just saying; try it and see if that helps...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文