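WCF customBinding with client certificate

Time: 2012-04-20 08:52:29

Tags: wcf soap certificate

I am trying to create a customBinding to call a web service using SOAP 1.2, TLS and a client certificate. As far as I recall, this only works with customBinding.

I defined the following behavior: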

<behaviors>
    <endpointBehaviors>
        <behavior name="TehRightBehaviour">
            <clientCredentials>
                <serviceCertificate>
                    <defaultCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
                    <authentication revocationMode="NoCheck" certificateValidationMode="None" />
                </serviceCertificate>
            </clientCredentials>
        </behavior>
    </endpointBehaviors>
</behaviors>

The client does find the certificate; if I specify a wrong name, it raises an error. My binding looks like:

<customBinding>
    <binding name="TehRealBinding">
        <transactionFlow />
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="MutualCertificate" />
        <httpsTransport requireClientCertificate="true" />
    </binding>
</customBinding>

I tie it together like:

<client>
    <endpoint address="https://hestia1:8081/cm/main"
        behaviorConfiguration="TehRightBehaviour"
        binding="customBinding"
        bindingConfiguration="TehRealBinding"
        contract="BrightMain.CMMainService"
        name="cmmain" />
</client>

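The problem is that when I call the web service, it throws an exception:

"The client certificate is not provided. Specify a client certificate in ClientCredentials."

I found that there are several places to specify a certificate, and obviously I am using the wrong one. So my question is: which one is the right one?

Thanks in advance, Christopher

Edit: Maybe I should learn to read, because specifying <serviceCertificate> is obviously not appropriate. I am going to check that now...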

2 Answers:

Answer 0: (score: 2)

It should be like this:

<behavior name="TehRightBehaviour">
    <clientCredentials>
        <!-- clientCertificate not defaultCertificate -->
        <clientCertificate findValue="WebInterface" x509FindType="FindBySubjectName" />
        <serviceCertificate>
            <authentication revocationMode="NoCheck" certificateValidationMode="None" />
        </serviceCertificate>
    </clientCredentials>
</behavior>

Answer 1: (score: 1)

I installed the certificate under "Personal" and used the following code, and it worked for me.

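using System.Security.Cryptography.X509Certificates;

// Open the current user's "Personal" (My) store read-only.
X509Store keystore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
keystore.Open(OpenFlags.ReadOnly);

// Walk the installed certificates (handy in a debugger to see the names).
var certificates = keystore.Certificates;
foreach (var certificate in certificates)
{
    var friendlyName = certificate.FriendlyName;
    var xname = certificate.GetName();
}
X509Certificate certificatex = certificates[0];
// validOnly is false, so expired or untrusted certificates are returned too.
X509Certificate2Collection certs = keystore.Certificates.Find(
    X509FindType.FindBySubjectName, "Name of subject", false);
keystore.Close();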

Then you pass it in the client request:

xyzClient.ClientCredentials.ClientCertificate.Certificate = certs[0];