WCF svcutil with a client certificate

Time: 2012-07-30 14:59:58

Tags: wcf svcutil.exe

I developed a WCF service that uses transport security with a required client certificate. It is hosted on IIS 7.5 and is set to require client certificates. I have set up a mex endpoint and can view the WSDL in a browser at https://mydomain.com/Folder/Service.svc/mex?wsdl. Using SoapUI I can connect successfully and the service works perfectly.

However, I want to set up a test client using svcutil.exe, since that is how my customers will create their clients. But when I run:

svcutil https://mydomain.com/Folder/Service.svc/mex?wsdl /svcutilConfig:app.config

I get the following error:

C:\Program Files\Microsoft Visual Studio 9.0\VC>svcutil https://mydomain.com/Folder/Service.svc/mex?wsdl /svcutilConfig:app.config
Microsoft (R) Service Model Metadata Tool
[Microsoft (R) Windows (R) Communication Foundation, Version 3.0.4506.2152]
Copyright (c) Microsoft Corporation.  All rights reserved.

Attempting to download metadata from 'https://mydomain.com/Folder/Service.svc/mex?wsdl' using WS-Metadata Exchange or DISCO.
Microsoft (R) Service Model Metadata Tool
[Microsoft (R) Windows (R) Communication Foundation, Version 3.0.4506.2152]
Copyright (c) Microsoft Corporation.  All rights reserved.

Error: Cannot obtain Metadata from https://mydomain.com/Folder/Service.svc/mex?wsdl

If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address.  For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.

WS-Metadata Exchange Error
URI: https://mydomain.com/Folder/Service.svc/mex?wsdl

Metadata contains a reference that cannot be resolved: 'https://mydomain.com/Folder/Service.svc/mex?wsdl'.

The HTTP request was forbidden with client authentication scheme 'Anonymous'.

The remote server returned an error: (403) Forbidden.

HTTP GET Error
URI: https://mydomain.com/Folder/Service.svc/mex?wsdl

There was an error downloading 'https://mydomain.com/Folder/Service.svc/mex?wsdl'.

The request failed with HTTP status 403: Forbidden.

Here is the relevant configuration from my server's web.config file:

<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="MyServices">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="ServiceBehavior" name="MyService.MyServiceManager">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyServices"
     name="MyServices" contract="MyService.IMyServiceManager">
      <identity>
        <dns value="mydomain.com" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="wsHttpBinding"  bindingConfiguration="MyServices"
        name="mexEndpoint" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://mydomain.com:443/Folder/Service.svc/mex"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <clientCertificate>
          <certificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=tempClientcert"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

This is my client /svcutilConfig:app.config file:

<configuration>
    <system.serviceModel>
        <client>
            <endpoint name="mexEndpoint" address="mex" binding="wsHttpBinding" contract="IMetadataExchange" behaviorConfiguration="MyBehavior" />
        </client>
        <behaviors>
            <endpointBehaviors>
                <behavior name="MyBehavior">
                    <clientCredentials>
                        <clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectDistinguishedName" findValue="CN=tempClientcert" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
    </system.serviceModel>
</configuration>

I can't figure out why this configuration doesn't work. Also, all WSDL imports resolve to the correct FQDN URL, and anonymous authentication is enabled in IIS.

Any help would be greatly appreciated. Thanks very much for your help.

2 answers:

Answer 0 (score: 2)

Hit this too. The only thing I can think of is that you are referencing a certificate that cannot be found, in which case svcutil doesn't seem to fail properly. Is the certificate definitely in the correct store, and does it have the distinguished name (not just the 'regular' subject name)?

Anyway, it took me far too long to solve this, so I decided to write a blog post about how to do it, which can be found here: http://blogs.msdn.com/b/stephens_scratchpad/archive/2012/12/19/client-certificates-for-https-wcf-services.aspx - hope it helps someone!

Answer 1 (score: 0)

Old question, but I needed to change the client certificate after it expired (it didn't work after that!). After changing it, the browser worked on the WSDL endpoint but svcutil did not. It was caused by Windows Credential Manager, where you can store a certificate against a URL so that it is presented automatically when the URL is accessed.

I forgot to update Credential Manager with the new certificate!
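A check for what the two answers point at (answer 0: the certificate must be found in the configured store by its full subject DN; answer 1: it must not be expired, and a stale Credential Manager entry for the URL can override the config), as an added PowerShell example that is not part of either answer. The DN, store and host name are the question's values; the parameter names are the example's own.

```powershell
# Added diagnostic script. Assumed values are taken from the question's config:
# subject DN 'CN=tempClientcert', store LocalMachine\My, host mydomain.com.
param(
    [string]$SubjectDn  = 'CN=tempClientcert',
    [string]$StorePath  = 'Cert:\LocalMachine\My',
    [string]$TargetHost = 'mydomain.com'
)

# x509FindType="FindBySubjectDistinguishedName" matches the whole Subject DN exactly,
# not a substring, so compare the complete Subject string rather than using -like.
$certs = Get-ChildItem -Path $StorePath | Where-Object { $_.Subject -eq $SubjectDn }
if (-not $certs) {
    # Answer 0's case: with no matching certificate svcutil does not fail outright,
    # it sends the request without one, which IIS rejects with 403 / 'Anonymous'.
    Write-Warning "No certificate with Subject '$SubjectDn' found in $StorePath."
    return
}

foreach ($cert in $certs) {
    # Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2). A certificate with no EKU
    # extension at all is valid for any purpose, so only an explicit list is checked.
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $clientAuth = if ($ekuExt) {
        [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })
    } else { $true }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))  # answer 1's case
        HasPrivateKey = $cert.HasPrivateKey              # required to present it in the TLS handshake
        ClientAuthEku = $clientAuth
    }
}

# Answer 1: Windows Credential Manager can bind a certificate to a URL and present it
# automatically, overriding the svcutilConfig behaviour. List any entry for the host
# so an entry still pointing at the old (expired) certificate can be spotted and updated.
cmdkey /list | Select-String -Pattern $TargetHost -Context 0, 3
```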