具有证书身份验证的 WCF 服务客户端,在调试时有效,但不能实时运行
我正在使用经过证书验证的 WCF 服务。我在 VS 调试模式下可以工作,但是当我发布并运行时它就无法工作。
证书存储在 CurrentUser/TrustedPeople 中。 这是我的配置行为部分:
<behavior name="LoadClientCert">
<clientCredentials>
<clientCertificate findValue="CN=Certificate1"
storeLocation="CurrentUser" storeName="TrustedPeople"
x509FindType="FindBySubjectDistinguishedName" />
<serviceCertificate>
<defaultCertificate findValue="CN=Certificate2"
storeLocation="CurrentUser" storeName="TrustedPeople"
x509FindType="FindBySubjectDistinguishedName" />
<authentication certificateValidationMode="None"
revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
错误消息:请求错误 服务器在处理请求时遇到错误。有关更多详细信息,请参阅服务器日志。
我的猜测是 IIS 用户没有使用该证书的权限。但这只是猜测。
我在哪里可以找到该服务器日志?我尝试了事件查看器,但没有找到任何内容。我也将其添加到我的配置中,但没有运气(尝试解决方案后它是空的):
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="f:\logs\messages.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
有什么建议吗?
Im using a certificate authenticated WCF service. I works when in VS debugmode, but when i publish and run it won't work.
The cerificatesd are stored in CurrentUser/TrustedPeople.
This is my config behavior-section:
<behavior name="LoadClientCert">
<clientCredentials>
<clientCertificate findValue="CN=Certificate1"
storeLocation="CurrentUser" storeName="TrustedPeople"
x509FindType="FindBySubjectDistinguishedName" />
<serviceCertificate>
<defaultCertificate findValue="CN=Certificate2"
storeLocation="CurrentUser" storeName="TrustedPeople"
x509FindType="FindBySubjectDistinguishedName" />
<authentication certificateValidationMode="None"
revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
Error message: Request Error
The server encountered an error processing the request. See server logs for more details.
My guess is that the IIS user don't have permissions to use the certificate. But that is only guessing.
And where can i find that server log? i tried event viewer but i didn't find anything. I also added this to my config without luck(its empty after trying the solution):
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="f:\logs\messages.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
Any suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您使用 2 是 SSL,即使用 SSL 保护传输通道并使用 SSL 对客户端进行身份验证,则应按如下方式放置证书:
对于服务器证书(.pfx 文件):
将证书安装在本地计算机个人文件夹中。
对于客户端证书:
在服务器计算机上(.cer 文件):
在本地计算机中安装客户端证书 -->受信任的人存储
在客户端计算机上(.pfx 文件):
在本地用户中安装客户端证书-->个人存储
此外,如果服务器证书是自签名的,请确保在调用服务方法之前在客户端使用以下代码:
更新:
如何启用跟踪
If you are using 2 was SSL i.e. securing the transport channel with SSL and authenticating your client with SSL then the certificates should be placed as follows:
For Server Certificate (.pfx file):
Install the certificate in Local Machine Personal folder.
For Client Certificates:
On Server machine(.cer file):
Install the client certificate in Local Machine --> Trusted People Store
On Client Machine (.pfx file):
Install the client certificate in Local User --> Personal Store
Also if the server certificate is self signed make sure to use the below code on your client side just before invoking the service method:
UPDATE:
How to enable Tracing