客户如何获得服务安全SSL?

时间:2012-07-18 08:13:37

标签: c# wcf web-services

我有一个服务类:

namespace TestService
{
    public class Service:IService 
    {
        #region IService Members

        public string TestCall()
        {
            return "You just called a WCF webservice On SSL(Transport Layer Security)";
        }

        #endregion
    }
}

和配置服务:

<configuration>
    <system.serviceModel>
        <services>
            <service behaviorConfiguration="returnFaults" name="TestService.Service">
                <endpoint binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="TestService.IService"/>
                <endpoint address="mex" binding="mexHttpsBinding" name="MetadataBinding" contract="IMetadataExchange"/>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="returnFaults">
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                    <serviceMetadata httpsGetEnabled="true"/>
                    <serviceTimeouts/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <bindings>
            <wsHttpBinding>
                <binding name="TransportSecurity">
                    <security mode="Transport">
                        <transport clientCredentialType="None"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <diagnostics>
            <messageLogging logEntireMessage="true" maxMessagesToLog="300" logMessagesAtServiceLevel="true" logMalformedMessages="true" logMessagesAtTransportLevel="true"/>
        </diagnostics>
    </system.serviceModel>
</configuration>

我为IIS设置服务并设置http,https用于服务 在https:“https://localhost/service.svc” 和http:“http://localhost/service.svc” 设置https时我已设置证书“WCFServer”。我可以访问地址“https://localhost/service.svc”的服务。 我在地址“https://localhost/service.svc”添加了服务引用并致电服务:

   ServiceReference1.ServiceClient proxy = new ServiceReference1.ServiceClient();
            proxy.TestCall();

它返回错误:

  

根据验证,远程证书无效   过程

此配置客户端:

<configuration>


  <system.web>
    <compilation debug="true" targetFramework="4.0" />


  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService">
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://thanguk-pc/service.svc" binding="wsHttpBinding" behaviorConfiguration="firstSsl"
        bindingConfiguration="WSHttpBinding_IService" contract="ServiceReference1.IService"
        name="WSHttpBinding_IService" >
        <identity>
          <dns value="WcfServer" />
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="firstSsl">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="None" revocationMode="NoCheck"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

客户使用服务时有什么问题?感谢

1 个答案:

答案 0 :(得分:1)

WCF配置对我来说很好看。因此,我将开始关注您的证书,证书安装和hostname(正如@flem所指出的那样)。谁颁发了证书?听起来它可能是自签名的。在SSL handshake期间,客户端上不会信任自签名证书。您可以在服务器上运行netmon(打开TLS过滤器)并查看SSL握手。这可以让您深入了解发生故障的位置。

一个提示是,为了使您的服务正常工作,您应该能够从客户端通过https浏览元数据(.svc),而不会出现任何浏览器证书错误(例如,Chrome上的绿色锁定)。如果浏览器变为绿色,则通常会正确安装和配置证书。否则,WCF也会拒绝它(但不会给你选择继续)。

相关问题
最新问题