我有一个非常烦人的错误: 我的场景 - 在WCF中使用wsdualhttpbinding实现的简单消息/邮件服务器\客户端(对于回调而言是双重的,对新消息进行在线更新)。
所有安全配置都是用代码编写的(根本没有* .config)。首次连接时,客户端会抛出以下内容 [System.Security.Cryptography.CryptographicException] = {“Bad Length。\ r \ n”} 具有NULL内部异常,因此无法钻取更深的内容。 服务器配置:
WSDualHttpBinding binding = new WSDualHttpBinding(WSDualHttpSecurityMode.Message);
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
Uri baseServiceAddress = new Uri(@"http://"+Environment.MachineName+":7921/Mail/");
host = new ServiceHost(theMightyMailServer,baseServiceAddress);
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root, X509FindType.FindByIssuerName, "MailServer");
ServiceDebugBehavior d = new ServiceDebugBehavior();
d.IncludeExceptionDetailInFaults = true;
host.Description.Behaviors.Remove<ServiceDebugBehavior>();
host.Description.Behaviors.Add(d);
ServiceMetadataBehavior b = new ServiceMetadataBehavior();
b.HttpGetEnabled = true;
host.Description.Behaviors.Remove<ServiceMetadataBehavior>();
host.Description.Behaviors.Add(b);
var mexBinding = MetadataExchangeBindings.CreateMexHttpBinding();
host.AddServiceEndpoint(typeof(IMailServer), binding, "Service");
host.AddServiceEndpoint(typeof(IMetadataExchange),mexBinding,"");
host.Open();
客户端配置:
client = new MailServerReference.MailServerClient(new InstanceContext(this));
client.ClientCredentials.UserName.UserName = currentUser.UserName;
client.ClientCredentials.UserName.Password = currentUser.Password;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,X509FindType.FindByIssuerName, "MailServer");
currentUser.ID = client.getUID();
client.RegisterOnServer(currentUser.ID);
return true;
}
catch (Exception ex) { MessageBox.Show(ex.Message); return false; }
任何帮助都会非常感激。而BTW我是WCF的新手,所以也许我错过了一些基本的概念。
答案 0 :(得分:0)
我会尝试在客户端和服务器上将ServiceCertificate和ClientCertificate设置为相同的内容。至少,这就是我做到这一点的方式。它已经有一段时间了,但我认为只有一个证书或另一个证书才有问题,而不是两者都有。
编辑以获取更多信息:
在我的情况下,我使用的是CustomBinding而不是WSDualHttpBinding,但我最终在两端(客户端和服务器)使用完全相同的ServiceCertificate和ClientCertificate证书。
更具体地说,我有一个扩展System.ServiceModel.Description.ServiceCredentials
public class MyServiceCredentials : ServiceCredentials
{
public MyServiceCredentials() : base()
{
LoadCertificate();
}
public MyServiceCredentials(MyServiceCredentials other) : base(other)
{
LoadCertificate();
}
private void LoadCertificate()
{
ServiceCertificate.Certificate = _cert;
ClientCertificate.Certificate = _cert;
ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
}
}
我在客户端和服务器实现中将其中一个传递给我的CustomBinding构造函数。
无论如何,我认为因为绑定启用了Message安全性,它期望在两个方向都有消息级安全性,因此它需要双方的证书(ServiceCertificate和ClientCertificate)。
我可能完全错了,我只是说;尝试一下,看看是否有帮助...