自定义 WS 绑定错误:未为目标“xxx”提供服务证书。在 ClientCredentials 中指定服务证书
我正在尝试实现具有压缩和消息安全性的自定义 WS 绑定,并将 ClientCredentialType 设置为“无”。服务已配置并成功运行。我还成功配置了客户端并运行它。但是,我需要以编程方式设置客户端,因此当我尝试将客户端配置转换为代码时,我收到错误“未为目标“xxx”提供服务证书。在 ClientCredentials 中指定服务证书。 我正在使用自动生成的代理客户端,并且按照建议覆盖客户端构造函数并直接在 ClientCredentials 或客户端端点行为中指定服务证书 CertificateValidationMode,但仍然没有成功。
我将不胜感激解决此问题的任何帮助。作为参考,我在下面提供了配置及其代码翻译。
客户端配置:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="customWSBinding" sendTimeout="00:15:00">
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
</security>
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding"/>
<httpTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False"
maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
authenticationScheme="Anonymous" bypassProxyOnLocal="False" realm="" useDefaultWebProxy="True"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address=""
binding="customBinding"
bindingConfiguration="customWSBinding"
behaviorConfiguration="ClientBehavior"
contract="IService"
name="ServiceEndpoint">
<identity>
<dns value="contoso.com"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
等效代码:
SecurityBindingElement securityElement = SecurityBindingElement.CreateSecureConversationBindingElement(SecurityBindingElement.CreateAnonymousForCertificateBindingElement());
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
GZipMessageEncodingBindingElement encodingElement = new GZipMessageEncodingBindingElement();
TextMessageEncodingBindingElement txtMsgBE = new TextMessageEncodingBindingElement();
encodingElement.InnerMessageEncodingBindingElement = txtMsgBE;
HttpTransportBindingElement httpTransportElement = new HttpTransportBindingElement();
httpTransportElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpTransportElement.ManualAddressing = false;
httpTransportElement.MaxReceivedMessageSize = Int32.MaxValue;
httpTransportElement.MaxBufferSize = Int32.MaxValue;
httpTransportElement.MaxBufferPoolSize = Int32.MaxValue;
httpTransportElement.AuthenticationScheme = AuthenticationSchemes.Anonymous;
httpTransportElement.BypassProxyOnLocal = false;
httpTransportElement.UseDefaultWebProxy = true;
System.ServiceModel.Channels.Binding binding = new CustomBinding(securityElement, encodingElement, httpTransportElement);
binding.SendTimeout = TimeSpan.FromMinutes(15);
EndpointAddress address = new EndpointAddress(new Uri(svcURL), EndpointIdentity.CreateDnsIdentity("contoso.com"));
ServiceClient svcClient = new ServiceClient(binding, address);
重写的代理客户端:
public ServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress)
:base (binding, remoteAddress)
{
System.ServiceModel.Description.ClientCredentials cc = new System.ServiceModel.Description.ClientCredentials();
cc.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
base.Endpoint.Behaviors.RemoveAt(1);
base.Endpoint.Behaviors.Add(cc);
}
I'm trying to implement a custom WS binding with compression and message security with ClientCredentialType set to 'None'. The service is configured and running successfully. I've also managed to configure the client and run it successfully. However, I need to set-up the client programatically, so when I try to translate the client configuration into code, I get the error 'The service certificate is not provided for target 'xxx'. Specify a service certificate in ClientCredentials.'
I'm using the auto-generated proxy client, and I've followed recommendations to override the client constructor and specify the service certificate CertificateValidationMode directly on the ClientCredentials or in the client endpoint behaviors, but still no luck.
I would appreciate any help in resolving this. For reference, I include below the configuration and its code translation.
Client configuration:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="customWSBinding" sendTimeout="00:15:00">
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
</security>
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding"/>
<httpTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False"
maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
authenticationScheme="Anonymous" bypassProxyOnLocal="False" realm="" useDefaultWebProxy="True"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address=""
binding="customBinding"
bindingConfiguration="customWSBinding"
behaviorConfiguration="ClientBehavior"
contract="IService"
name="ServiceEndpoint">
<identity>
<dns value="contoso.com"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
The equivalent code:
SecurityBindingElement securityElement = SecurityBindingElement.CreateSecureConversationBindingElement(SecurityBindingElement.CreateAnonymousForCertificateBindingElement());
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
GZipMessageEncodingBindingElement encodingElement = new GZipMessageEncodingBindingElement();
TextMessageEncodingBindingElement txtMsgBE = new TextMessageEncodingBindingElement();
encodingElement.InnerMessageEncodingBindingElement = txtMsgBE;
HttpTransportBindingElement httpTransportElement = new HttpTransportBindingElement();
httpTransportElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpTransportElement.ManualAddressing = false;
httpTransportElement.MaxReceivedMessageSize = Int32.MaxValue;
httpTransportElement.MaxBufferSize = Int32.MaxValue;
httpTransportElement.MaxBufferPoolSize = Int32.MaxValue;
httpTransportElement.AuthenticationScheme = AuthenticationSchemes.Anonymous;
httpTransportElement.BypassProxyOnLocal = false;
httpTransportElement.UseDefaultWebProxy = true;
System.ServiceModel.Channels.Binding binding = new CustomBinding(securityElement, encodingElement, httpTransportElement);
binding.SendTimeout = TimeSpan.FromMinutes(15);
EndpointAddress address = new EndpointAddress(new Uri(svcURL), EndpointIdentity.CreateDnsIdentity("contoso.com"));
ServiceClient svcClient = new ServiceClient(binding, address);
The overridden proxy client:
public ServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress)
:base (binding, remoteAddress)
{
System.ServiceModel.Description.ClientCredentials cc = new System.ServiceModel.Description.ClientCredentials();
cc.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
base.Endpoint.Behaviors.RemoveAt(1);
base.Endpoint.Behaviors.Add(cc);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CreateAnonymousForCertificateBindingElement() 方法提供绑定元素用于匿名客户端身份验证和基于证书的服务身份验证。因此,如果要求提供服务证书。
CreateAnonymousForCertificateBindingElement() method provides binding element for anonymous client-authentication and certificate based service authentication. Hence if is asking for a service certificate.