使用证书保护 IIS 中的 WCF 服务

发布于 2024-12-04 21:07:18 字数 4081 浏览 1 评论 0原文

我想使用自签名证书(由 inetmgr 生成)来保护 WCF 4 中的服务应用程序的安全。

但是,我不能。当我调用服务的方法时,出现 MessageSecurityException:

客户端身份验证方案“匿名”禁止 HTTP 请求。

web.config 文件:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
    </system.web>

    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="TransportSecurity">
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="Certificate" />
                        <message clientCredentialType="Certificate"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>

        <behaviors>
            <serviceBehaviors>
                <behavior name="testingServiceBehavior">
                    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

        <services>
            <service behaviorConfiguration="testingServiceBehavior"
                     name="Testing.Service1">

                <endpoint address=""
                          binding="wsHttpBinding"
                          bindingConfiguration="TransportSecurity"
                          contract="Testing.IService1" />

                <endpoint address="mex"
                          binding="mexHttpsBinding"
                          contract="IMetadataExchange" />
            </service>
        </services>
    </system.serviceModel>

    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>
</configuration>

我尝试使用该服务的代码是:

    public static bool validateCertificates(object sender,
                                            System.Security.Cryptography.X509Certificates.X509Certificate cert,
                                            System.Security.Cryptography.X509Certificates.X509Chain chain,
                                            System.Net.Security.SslPolicyErrors error)
    {
        return true;
    }

    private void button1_Click(object sender, EventArgs e)
    {
        System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(validateCertificates);

        WSHttpBinding binding = new WSHttpBinding();
        binding.Name = "secureBinding";

        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        EndpointAddress endpointAddress = new System.ServiceModel.EndpointAddress("https://rtsa.dnsalias.com:2490/Service1.svc");

        ProCell2.Servicios.Informes.Service1Client client = new Servicios.Informes.Service1Client(binding, endpointAddress);

        client.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.GetInformation();  // <-------- Here cause the exception

SSL 配置:

“SSL设置”

I want to secure a service application in WCF 4, using a selfsigned certificate (generated by inetmgr).

But, I can't. When I call a method of the service, I have a MessageSecurityException:

The HTTP request was forbidden with client authentication scheme 'Anonymous'.

The web.config file:

<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
    </system.web>

    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="TransportSecurity">
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="Certificate" />
                        <message clientCredentialType="Certificate"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>

        <behaviors>
            <serviceBehaviors>
                <behavior name="testingServiceBehavior">
                    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

        <services>
            <service behaviorConfiguration="testingServiceBehavior"
                     name="Testing.Service1">

                <endpoint address=""
                          binding="wsHttpBinding"
                          bindingConfiguration="TransportSecurity"
                          contract="Testing.IService1" />

                <endpoint address="mex"
                          binding="mexHttpsBinding"
                          contract="IMetadataExchange" />
            </service>
        </services>
    </system.serviceModel>

    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>
</configuration>

And the code where I trying to consume the service is:

    public static bool validateCertificates(object sender,
                                            System.Security.Cryptography.X509Certificates.X509Certificate cert,
                                            System.Security.Cryptography.X509Certificates.X509Chain chain,
                                            System.Net.Security.SslPolicyErrors error)
    {
        return true;
    }

    private void button1_Click(object sender, EventArgs e)
    {
        System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(validateCertificates);

        WSHttpBinding binding = new WSHttpBinding();
        binding.Name = "secureBinding";

        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        EndpointAddress endpointAddress = new System.ServiceModel.EndpointAddress("https://rtsa.dnsalias.com:2490/Service1.svc");

        ProCell2.Servicios.Informes.Service1Client client = new Servicios.Informes.Service1Client(binding, endpointAddress);

        client.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "ServerWeb2");

        client.GetInformation();  // <-------- Here cause the exception

The SSL configuration:

SSL Setting

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

若有似无的小暗淡 2024-12-11 21:07:18

请将以下行添加到您的客户端代码中:

// Disable credential negotiation and the establishment of 
// a security context.
myBinding.Security.Message.NegotiateServiceCredential = false;
myBinding.Security.Message.EstablishSecurityContext = false;

请参阅 http://msdn.microsoft .com/en-us/library/ms733102.aspx 了解更多详细信息,请参阅设置 setSecurityContext="False 有何影响“如果我使用 https? 因为它对您的通信有影响。

Please add the following lines to your client code:

// Disable credential negotiation and the establishment of 
// a security context.
myBinding.Security.Message.NegotiateServiceCredential = false;
myBinding.Security.Message.EstablishSecurityContext = false;

See http://msdn.microsoft.com/en-us/library/ms733102.aspx for more details and see What are the impacts of setting establishSecurityContext="False" if i use https? for the impact it has on your communication.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文