SQL Server 数据库中的 WCF 证书存储
我有一个 SQL 数据库,它存储 WCF 服务和其他服务的客户端证书。 (X509 等)。我想使用此存储(而不是“我的”)来检索此证书(而不是在 web.config 中声明它),然后将其用于 WCF。
我尝试在这个网站和谷歌上搜索,但似乎没有太大帮助。
目前我正在
var targetEndpoint = new EndpointAddress(targetLogicalAddress, targetIdentity);
MyTransportPortTypesClient proxy = new MyTransportPortTypesClient("WebConfigSection", targetEndpoint);
这样做所以理想情况下我想摆脱“WebConfigSection”并传递某种已签名证书的WCF对象。
有谁知道如何实现这一目标?
我终于解决了这个问题,这就是我的做法。 (我将分享我的经验,以便每个人都可以使用它)这是不使用任何机器CertificateStore的。它纯粹是从数据库到客户端代理。
我创建了 X509Certificate2 对象并分配物理文件(以字节 [] 为单位)。如果密码受保护,您也可以输入密码。
然后我已将证书分配给我的代理客户端。 就像:
proxy.ClientCredentials.ClientCertificate = __MyCertificate
现在我已经按照我在 app.config 中的意图操作了我的 clientproxy。就是这样。所有这些属性都将位于您的代理对象中。
希望这有帮助。
I have a SQL Database which is storing my client side certificate for WCF service and other services. (X509 etc). I would like to use this Store (instead of 'My') to retrive this certificate (instead of declaring it in web.config) and then use it for WCF.
I have tried to search on this site and google but does not seems to be much of a help.
Currently I am doing
var targetEndpoint = new EndpointAddress(targetLogicalAddress, targetIdentity);
MyTransportPortTypesClient proxy = new MyTransportPortTypesClient("WebConfigSection", targetEndpoint);
So ideally I would like to get rid of the "WebConfigSection" and instead pass some sort of WCF object which has certifictate signed.
Does anyone know how to achive this?
I have finally solved this and Here's how I did it. (I'll share my experiece so everyone can use it) This is without using any machine CertificateStore. Its purely from Database to the client Proxy.
I have created X509Certificate2 Object and assign physical file (in byte[]). You can also put password if its password protected.
Then I have assigned the certificate to my proxy client.
Something like :
proxy.ClientCredentials.ClientCertificate = __MyCertificate
Now I have manupulated my clientproxy as I was inteneted to in my app.config. and that's it. All these properties will be in your proxy object.
Hope this helps.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知,即使不是完全不可能,至少也是非常困难的。 WCF 使用 SChannel SSPI 提供程序作为身份验证,此 SSPI 提供程序将仅从 加载证书SChannel CSP 提供商。为了使用数据库中的证书,必须首先将证书加载到 PROV_RSA_SCHANNEL CSP 密钥库,然后此密钥库的证书上下文将传递到
AcquireCredentialsHandle。例如,这就是数据库镜像如何进行身份验证的方式使用存储在数据库中的证书。虽然也可以在托管代码中完成所有这些步骤,但我不确定是否可以将它们插入 WCF:我期望是这样,但可能不适合胆小的人。AFAIK it is at least very difficult, if not down right impossible. WCF uses SChannel SSPI provider for the authentication and this SSPI provider will load certificates only from the SChannel CSP provider. In order to use a certificate from the database the certificate would have to be loaded first into a PROV_RSA_SCHANNEL CSP keystore and then the certificate context of this keystore would be passed to
AcquireCredentialsHandle. For instance, this is how database mirroring is able to authenticate using a certificate stored in the database. While it is possible to do all these steps in managed code too, I'm not sure if is possible to plug them into WCF: I expect it is, but probably not for the faint of heart.