使用 ASP.NET 配置 WCF 证书
简而言之,这是场景。我有一个使用表单身份验证和自定义成员资格提供程序的 ASP.NET 应用程序。我使用 ServiceHostFactory 创建了一个 WCF 客户端和一个 ASP.NET ServiceHost。到目前为止,一切都很完美,但要在现实世界中部署它,我需要确保它的安全。我似乎无法找到如何设置该服务的证书。我想使用已与托管我的服务的 ASP.NET 应用程序关联的证书。
如何设置证书以自动将证书设置为托管 Web 应用程序的证书,而无需手动识别证书。如果用户必须安装 WCF 程序集并对配置文件进行更改并且必须了解有关安装的证书的信息,那么这将是真正的 PITA。
这是我到目前为止收集的内容,但无法使其工作,并且在安装过程中如果不重新编译就无法对其进行配置。
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerDistinguishedName, "mycertificate");
是否有一个 ASP.NET Api 可以返回与托管应用程序关联的证书,我可以将其传递给 SetCertificate?另外,如何处理未安装证书但仍希望 WCF 连接(尽管不安全)的情况?
Briefly, here's the scenario. I have an ASP.NET application using forms authentication and a custom membership provider. I've created a WCF client and an ASP.NET ServiceHost using ServiceHostFactory. Everything works perfectly so far, but to deploy this in the real world, I will need to have it secured. I cannot seem to find out how to set the certificate for the service. I want to use the certificate already associated with the ASP.NET application that is hosting my service.
How do I set the certificate in a way that will automatically set the certificate to the hosting web app's certificate without having to manually identify the certificate. It would be a real PITA if the user has to install the WCF assemblies and make changes to the configuration file and have to know something about what certificate is installed.
Here's what I mustered up so far, but haven't been able to get it to work and it isn't configurable during installation without recompilation.
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerDistinguishedName, "mycertificate");
Is there a ASP.NET Api that would return the certificate associated with the hosting app that I can pass to SetCertificate? Also, how do I handle the situation where no certificate is installed, but I still want WCF to connect, albeit insecurely?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这取决于您是否要使用传输级安全性或消息级安全性。如果您只是希望 Web 服务像任何其他网页一样通过 https 工作,那么在 WCF 配置中,您不需要指定证书,只需启用传输安全性,例如:
然后在 IIS 中,将 SSL 证书设置为该网站就像任何其他 ASP.NET 网站一样。如果您没有通过 IIS 托管它,而是将其设为自托管 Windows 服务或其他服务,那么您必须在配置中设置证书,但在 IIS 中托管时,您可以让 IIS 完成这项工作。
相反,如果您想要执行消息级安全性,这意味着您正在通过非安全的常规 http 进行传输,但您的消息内容已加密,那么您将设置
绑定,并指定用于加密消息的证书。然而,听起来您正在谈论将 ssl / https 用于您的 Web 服务。
This depends on whether you want to use Transport or Message level security. If you just want your web services to work over https like any other web page, then in your WCF configuration, you do not need to specify the certificate, you simply enable transport security, like:
Then in IIS, you set the SSL certificate on the web site just like you would have for any other ASP.NET site. If you were not hosting this through IIS, but were instead making it a self-hosted windows service or something, then you would have to set the certificate in your configuration, but when hosting in IIS, you can let IIS do the work.
If instead you want to do message level security, which means that you are transporting over non-secure regular http, but your message contents are encrypted, then you would set
on the binding, and specify the certificate to use to encrypt the message. However it sounds like you are talking about using ssl / https for your web service.