问题:
我正在一台机器上开发这个程序。
该服务在开发服务器中运行良好,但是当我尝试在IIS中托管服务时,它给出了一个错误:
使用以下搜索条件找不到X.509证书:StoreName'My',StoreLocation'IntellUser',FindType'FindBySubjectName',FindValue'WCFServer'。
那么我还能解决这个问题吗? 我正在尝试使用
中的代码http://www.codeproject.com/KB/WCF/9StepsWCF.aspx
证书创建
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCfServer -sky exchange -pe
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WcfClient -sky exchange -pe
MMC中的“个人和受信任人”文件夹中存在证书
服务有一个函数接受一个数字并返回字符串并且工作正常
这是我的服务web.config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="WCFServiceCertificate.Service1" behaviorConfiguration="WCFServiceCertificate.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="WCFServiceCertificate.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFServiceCertificate.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</clientCertificate>
<serviceCertificate findValue="WcfServer"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
这是我的客户端配置
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:1387/Service1.svc" behaviorConfiguration="CustomBehavior"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
<identity>
<certificate encodedValue="AwAAAAEAAAAUAAAA9YoGKvsMLFkeO1WjaCLReQuz1ysgAAAAAQAAALUBAAAwggGxMIIBX6ADAgECAhDDvb3bnmzhsERpNTWEBYQXMAkGBSsOAwIdBQAwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3kwHhcNMTEwMzA0MDcwNzU3WhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlXY2ZTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM9e4DwCDYJ4l6myt1QadHzXoqCH2wa1aUjiab1aK/7d/1LZ00KfPJw8kKB358serjEi9SMg0UeyGtl0+byJ8PqShfv4MUTHZcPaWy99vHaYHwH7T9hVwY5RANBWyFy6nf1rXDh/cB2qm0Q/xN5xElOtheFqUoL8Ua6fcP33BAWPAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAKlaHJQNdC9VgPuHlVuniQJd+fHoVOU62nl374iXYdQus5KDgKz9RHWAtjhpToBB4sOXOnwTkJfcyJWBf6J14Mw==" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<clientCertificate findValue="WcfClient"
x509FindType="FindBySubjectName"
storeLocation="CurrentUser"
storeName="My"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
并使用此
简单地在客户端调用服务 Service1Client obj = new Service1Client();
Response.Write(obj.GetData(12));
现在,当我运行时,一切正常,没有问题。
因为您可以在开发服务器上运行服务。
但是当我尝试在IIS中托管服务时,它会给我一个错误
使用以下搜索条件找不到X.509证书: StoreName'My',StoreLocation'CurrentUser',FindType 'FindBySubjectName',FindValue'WCFServer'。
那么我还能解决这个问题吗?
答案 0 :(得分:14)
提到 x0n 时,Cassini将作为您当前的用户运行,但IIS将作为IUSR运行。使用私钥将证书导入LocalMachine \ Personal(LocalMachine \ My),并从中更改服务配置:
<serviceCertificate findValue="WcfServer"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
对此:
<serviceCertificate findValue="WcfServer"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
答案 1 :(得分:2)
您可能需要设置dns值,即客户端&gt; endopoint&gt; indentity中的证书名称(如下面的代码所述)
<client>
<endpoint address="http://localhost/FrontPMWebServiceSetup111/FpmService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
contract="FPMServiceReference.IService" name="WSHttpBinding_IService">
<identity>
<dns value="WCfServer" />
</identity>
</endpoint>
</client>
答案 2 :(得分:1)
在计算机商店的“我的”中安装证书,以使其可供所有用户使用。您已将其安装在当前用户的“我的”中。开发服务器作为当前用户运行,这就是它工作的原因。
答案 3 :(得分:0)
显然,在配置的位置找不到证书。确保您使用哪个用户来运行该服务。也许该服务在本地系统帐户或本地服务帐户或IIS用户上运行,并且您将该证书安装为其他用户?在MMC中添加一个管理单元,以查看服务帐户或您用于服务的其他帐户(非当前用户)中的证书。