我有一个项目要求我们需要公开一个简单的SOAP 1.1 ack / nack webservice,它使用TLS和WS-Security标头中的用户名/密码进行保护。我创建了以下自定义绑定和行为
<binding name="itkService" closeTimeout="00:10:01" openTimeout="00:10:01"
receiveTimeout="00:10:01" sendTimeout="00:10:00.0000001">
<sslStreamSecurity requireClientCertificate="true" />
<security enableUnsecuredResponse="true" authenticationMode="UserNameOverTransport" includeTimestamp="true" requireSecurityContextCancellation="true">
<localClientSettings maxClockSkew="24.20:31:23.6470000" />
<localServiceSettings maxClockSkew="24.20:31:23.6470000" />
<secureConversationBootstrap authenticationMode="UserNameOverTransport" />
</security>
<customTextMessageEncoding messageVersion="Soap11WSAddressing10" mediaType="text/xml" encoding="utf-8">
<readerQuotas maxStringContentLength="1024" />
</customTextMessageEncoding>
<httpsTransport maxReceivedMessageSize="10485760" keepAliveEnabled="true" maxBufferSize="10485760" />
</binding>
<behavior name="webHttpEnablingBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication customCertificateValidatorType="ITKCore.Validation.MyCertificateValidator, ITKCore"
certificateValidationMode="Custom" />
</clientCertificate>
<serviceCertificate findValue="Sub CA" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByIssuerName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ITKCore.Validation.UsernameValidator, ITKCore" />
</serviceCredentials>
</behavior>
但是,部分服务请求验证逻辑表明我们必须使用提供的TLS证书并根据访问控制列表检查主题可分辨名称。我有一个挖掘,但无法找到实际检索运输证书的方法。
有没有人对如何在WCF中进行此操作有任何建议?