HTTPS with basicHttpBinding in WCF

Time: 2012-04-23 10:11:09

Tags: wcf

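I am trying to get HTTPS working with basicHttpBinding in WCF. The service seems to run fine, but when I try to run my client and it calls one of the methods on the service, I get the following exception: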

Could not establish trust relationship for the SSL/TLS secure channel with authority 'sfs-111:20023'.

I have included my code and configuration files below. I would be very grateful if anyone could help.

Please note that I am new to WCF.

Here is my service APP.CONFIG:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

    <!-- DEBUG - TURN ON TRACING -->
    <system.diagnostics>
        <sources>
            <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
                <listeners>
                    <add name="traceListener"
                            type="System.Diagnostics.XmlWriterTraceListener"
                            initializeData= "c:\tahseen\dd\WCFServer.svclog" />
                </listeners>
            </source>
        </sources>
    </system.diagnostics>

    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>

                <!-- BEHAVIOR FOR META DATA -->
                <behavior name="DeltaServiceBehavior">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceCredentials>
                        <windowsAuthentication includeWindowsGroups="false" allowAnonymousLogons="false" />
                    </serviceCredentials>
                    <dataContractSerializer maxItemsInObjectGraph="100000000" />
                </behavior>

                <!-- BEHAVIOR FOR TRANSPORT SECURITY -->
                <behavior name="SecureBehavior">
                    <serviceMetadata httpGetEnabled="true"/>
                    <serviceCredentials>
                        <clientCertificate>
                            <authentication certificateValidationMode="PeerTrust" />
                        </clientCertificate>
                        <serviceCertificate findValue="sfs-Test" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
                    </serviceCredentials>
                    <dataContractSerializer maxItemsInObjectGraph="100000000" />
                </behavior>

            </serviceBehaviors>
        </behaviors>

        <bindings>

            <!-- DEFINE BINDING -->
            <basicHttpBinding>
                <binding name="HttpBinding_AlphaSystem">
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" />
                    </security>
                </binding>
            </basicHttpBinding>

        </bindings>        
        <services>

            <!-- DEFINE SERVICE -->
            <service behaviorConfiguration="SecureBehavior" name="Alpha.Services.DeltaService.DeltaService">

                <!-- ENDPOINT FOR METADATA -->
                <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />

                <!-- ENDPOINT FOR DATA -->
                <endpoint address="" binding="basicHttpBinding" bindingConfiguration="HttpBinding_AlphaSystem" contract="Alpha.Services.DeltaService.IDeltaService"/>                    

                <!-- BASE ADDRESSES FOR SERVICE-->
                <host>
                    <baseAddresses>
                        <add baseAddress="http://SFS-111:20022/DeltaService" />
                        <add baseAddress="https://SFS-111:20023/DeltaService" />
                    </baseAddresses>
                </host>
            </service>

        </services>
    </system.serviceModel>
</configuration>

Here is my client APP.CONFIG:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.diagnostics>
        <sources>
            <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
                <listeners>
                    <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\tahseen\dd\WCFClient.svclog"    />
                </listeners>
            </source>
        </sources>
    </system.diagnostics>

    <system.serviceModel>

        <!-- DEFINE SECURE BEHAVIOR -->
        <behaviors>
            <endpointBehaviors>
                <behavior name="ClientBehavior">
                    <clientCredentials>
                        <clientCertificate findValue="sfs-Client" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
                        <serviceCertificate>
                            <authentication certificateValidationMode="PeerTrust"/>
                        </serviceCertificate>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>

        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpBinding_IDeltaService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" 
        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" realm="" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://sfs-111:20023/DeltaService" binding="basicHttpBinding" behaviorConfiguration ="ClientBehavior"
                bindingConfiguration="BasicHttpBinding_IDeltaService" contract="DeltaService.IDeltaService"
                name="BasicHttpBinding_IDeltaService">
                <identity>
                    <dns value="sfs-Test" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

Here is my service code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Description;

namespace Alpha.Services.DeltaService
{
    public class DeltaService : IDeltaService
    {
        public int timesTwo(int n)
        {
            return n * 2;
        }
    }

    [ServiceContract]
    interface IDeltaService
    {
        [OperationContract]
        int timesTwo(int n);
    }

    public class App
    {
        public static void Main(string[] args)
        {
            //DeltaService service = new DeltaService();
            ServiceHost serviceHost = new ServiceHost(typeof(DeltaService));
            serviceHost.Open();

            Console.WriteLine("Press any key to exit");
            Console.ReadKey();

            serviceHost.Close();
        }
    }
}

Here is my client code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace WCFClient
{
    class Program
    {
        static void Main(string[] args)
        {
            DeltaService.IDeltaService service = new DeltaService.DeltaServiceClient();

            int result = service.timesTwo(5);

            Console.WriteLine(result);
        }
    }
}

1 Answer:

Answer 0 (score: 2)

For testing only, try disabling SSL validation on the client:

http://webservices20.blogspot.com/2008/12/wcf-gotcha-disabling-ssl-validation.html

using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
...
// Register the callback before the first call to the service.
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidationCallback);
...
// Accepts every server certificate regardless of validation errors (testing only).
public static bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}
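
Added example, not part of the original answer: a narrower variant of the callback above that relaxes validation only for the test host and only for one pinned certificate, instead of returning true for every certificate. The class name, the `TestHost` constant (taken from the client endpoint address in the question) and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TestCertificatePinning
{
    // Assumption: host name from the client endpoint address in the question.
    const string TestHost = "sfs-111";

    // Placeholder: replace with the thumbprint of the test service certificate.
    const string PinnedThumbprint = "<THUMBPRINT-OF-TEST-CERTIFICATE>";

    // Call once at client startup, before the first service call.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation are accepted as usual.
        if (errors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to compare against the pin.
        if (cert == null)
            return false;

        // Relax validation only for requests to the known test host.
        // For HTTPS calls made through HttpWebRequest, sender is that request.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.RequestUri.Host, TestHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept a failing certificate only if it is exactly the pinned one.
        string thumbprint = new X509Certificate2(cert).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

The callback is process-wide, so every HTTPS request made through `ServicePointManager` in the client passes through it; requests to any other host still get default validation.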