在 WCF 中使用 X.509 证书连接失败

发布于 2024-12-01 12:50:37 字数 4276 浏览 0 评论 0原文

如果我尝试连接到 WCF 服务，则会收到以下错误：未为目标“http://localhost:8081/OEGNOSControlService/ws”提供服务证书。在 ClientCredentials 中指定服务证书。

但我已经指定了服务证书！

服务的app.config：

<system.serviceModel> 
 <behaviors>
  <serviceBehaviors>  
  <behavior name="ServiceCredentialsBehavior">
   <serviceMetadata httpGetEnabled="true" />
   <serviceDebug includeExceptionDetailInFaults="true" />
   <serviceCredentials>
   <serviceCertificate findValue="localhost"
        storeLocation="LocalMachine"
        storeName="My"
        x509FindType="FindBySubjectName" />
   </serviceCredentials>
  </behavior>
  </serviceBehaviors>
 </behaviors> 
 <bindings>
  <wsHttpBinding>
  <binding name="MessageAndUserName">
   <security mode="Message">
   <message clientCredentialType="UserName" negotiateServiceCredential="false"
    algorithmSuite="Default" establishSecurityContext="true" />
   </security>
  </binding>
  </wsHttpBinding>
 </bindings>
 <services>
  <service behaviorConfiguration="ServiceCredentialsBehavior"
    name="OEGNOS.ControlServiceLibrary.ControlService">
  <clear/>
  <endpoint
   name="WSHttpBinding_IControlService"
   address="ws"
     binding="wsHttpBinding"
     bindingConfiguration="MessageAndUserName"
     contract="OEGNOS.ControlServiceLibrary.IControlService" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  <host>
   <baseAddresses>
   <add baseAddress="http://localhost:8081/OEGNOSControlService/" />
   </baseAddresses>
  </host>
  </service>
 </services>
 </system.serviceModel>

客户端的app.config：

<system.serviceModel>
  <behaviors>
   <endpointBehaviors>
    <behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <serviceCertificate>
       <authentication certificateValidationMode="PeerOrChainTrust" />
      </serviceCertificate>
     </clientCredentials>
    </behavior>
   </endpointBehaviors>
  </behaviors>
  <bindings>
   <wsHttpBinding>
    <binding name="WSHttpBinding_IControlService" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="false"
       algorithmSuite="Default" establishSecurityContext="true" />
     </security>
    </binding>    
   </wsHttpBinding>
  </bindings>
  <client>
   <endpoint address="http://localhost:8081/OEGNOSControlService/ws"
    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IControlService"
    contract="ServiceReference.IControlService" name="WSHttpBinding_IControlService">
    <identity>
     <certificate encodedValue="AwAAAAEAAAAUAAAA76QJWw679+g8dC71G0FPkVBqP84gAAAAAQAAALUBAAAwggGxMIIBX6ADAgECAhC+qdh0bQjNsUbkHmHD4dv1MAkGBSsOAwIdBQAwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3kwHhcNMTEwODI0MDcxNzIzWhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALhYR3qBO1xZlHJux2pTPWnwltvXzhtIyQJJXJwaNoyJz1rAr6LsTOxXbjXXRB4TV74TjgTzVtY8z/bkJhjexBmrq/79myw1y1RZegOSF64p4oYlQX2+uw/AlGgP+VBDgHWamVK6Fdansn/9kQRHRHbfK/DJLdBCzWWHj3tR+jiVAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAITzB2uIn2MuJ11s1uXwNtPOESTrfKlVIfrccGzkuggUJgAiHEQkj/1PwQN+Q47wD5aWYzjUN5CCVMefD9djBYA==" />
    </identity>
   </endpoint>   
  </client>
 </system.serviceModel>

原文

I get the following error if I try to connect to my WCF service:
The service certificate is not provided for target 'http://localhost:8081/OEGNOSControlService/ws'. Specify a service certificate in ClientCredentials.

But I already specified the service certificate!

App.config of the service:

<system.serviceModel> 
 <behaviors>
  <serviceBehaviors>  
  <behavior name="ServiceCredentialsBehavior">
   <serviceMetadata httpGetEnabled="true" />
   <serviceDebug includeExceptionDetailInFaults="true" />
   <serviceCredentials>
   <serviceCertificate findValue="localhost"
        storeLocation="LocalMachine"
        storeName="My"
        x509FindType="FindBySubjectName" />
   </serviceCredentials>
  </behavior>
  </serviceBehaviors>
 </behaviors> 
 <bindings>
  <wsHttpBinding>
  <binding name="MessageAndUserName">
   <security mode="Message">
   <message clientCredentialType="UserName" negotiateServiceCredential="false"
    algorithmSuite="Default" establishSecurityContext="true" />
   </security>
  </binding>
  </wsHttpBinding>
 </bindings>
 <services>
  <service behaviorConfiguration="ServiceCredentialsBehavior"
    name="OEGNOS.ControlServiceLibrary.ControlService">
  <clear/>
  <endpoint
   name="WSHttpBinding_IControlService"
   address="ws"
     binding="wsHttpBinding"
     bindingConfiguration="MessageAndUserName"
     contract="OEGNOS.ControlServiceLibrary.IControlService" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  <host>
   <baseAddresses>
   <add baseAddress="http://localhost:8081/OEGNOSControlService/" />
   </baseAddresses>
  </host>
  </service>
 </services>
 </system.serviceModel>

app.config of the client:

<system.serviceModel>
  <behaviors>
   <endpointBehaviors>
    <behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <serviceCertificate>
       <authentication certificateValidationMode="PeerOrChainTrust" />
      </serviceCertificate>
     </clientCredentials>
    </behavior>
   </endpointBehaviors>
  </behaviors>
  <bindings>
   <wsHttpBinding>
    <binding name="WSHttpBinding_IControlService" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="false"
       algorithmSuite="Default" establishSecurityContext="true" />
     </security>
    </binding>    
   </wsHttpBinding>
  </bindings>
  <client>
   <endpoint address="http://localhost:8081/OEGNOSControlService/ws"
    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IControlService"
    contract="ServiceReference.IControlService" name="WSHttpBinding_IControlService">
    <identity>
     <certificate encodedValue="AwAAAAEAAAAUAAAA76QJWw679+g8dC71G0FPkVBqP84gAAAAAQAAALUBAAAwggGxMIIBX6ADAgECAhC+qdh0bQjNsUbkHmHD4dv1MAkGBSsOAwIdBQAwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3kwHhcNMTEwODI0MDcxNzIzWhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALhYR3qBO1xZlHJux2pTPWnwltvXzhtIyQJJXJwaNoyJz1rAr6LsTOxXbjXXRB4TV74TjgTzVtY8z/bkJhjexBmrq/79myw1y1RZegOSF64p4oYlQX2+uw/AlGgP+VBDgHWamVK6Fdansn/9kQRHRHbfK/DJLdBCzWWHj3tR+jiVAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAITzB2uIn2MuJ11s1uXwNtPOESTrfKlVIfrccGzkuggUJgAiHEQkj/1PwQN+Q47wD5aWYzjUN5CCVMefD9djBYA==" />
    </identity>
   </endpoint>   
  </client>
 </system.serviceModel>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

别再吹冷风 2024-12-08 12:50:37

尝试在客户端上安装证书并更新客户端配置

<behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <serviceCertificate>
         <!-- path for client certificate-->
        <defaultCertificate findValue="localhost"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName"/>
       <authentication certificateValidationMode="None" />
      </serviceCertificate>
     </clientCredentials>
</behavior>

如果你做得正确，不会有异常。注意storeLocation值，导入后默认为CurrentUser（不是LocalMachine）。您可以使用“cmd ->”查看它mmc->证书”。

实际上您不必安装证书，只需向客户端发送证书编码值即可。为此，请勿使用 svcutil.exe（通过单击 Visual Studio 中的“添加服务引用”来使用它）。

相反，

使用 mmc util 在证书存储中查找您的证书。
右键单击证书->出口。
选择“不导出私钥”和 base-64 编码。
保存后使用文本编辑器打开文件，您将获得编码值。
将找到的编码值放入客户端配置身份部分。

Try to install certificate on the client and update client config with

<behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <serviceCertificate>
         <!-- path for client certificate-->
        <defaultCertificate findValue="localhost"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName"/>
       <authentication certificateValidationMode="None" />
      </serviceCertificate>
     </clientCredentials>
</behavior>

If you do it right there will not be exception. Pay attention to storeLocation value, by default after importing it is CurrentUser (not LocalMachine). You can see it using 'cmd -> mmc -> certificates'.

Actually you don't have to install certificate and can just send to the client certificate encodedValue. To do this do not use svcutil.exe (you use it by clicking Add service reference in Visual Studio).

Instead,