WCF client certificate set in App.Config

Time: 2013-03-06 23:48:04

Tags: wcf-client x509certificate client-certificates

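I am working with a vendor that exposes a Java web service. I have created a WCF client to consume their service, but I am running into some client certificate problems. The vendor claims that our requests do not contain a client certificate and is rejecting them. I am not 100% convinced the problem is on our side, but I want to make sure I am not missing any certificate configuration.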

App.Config

  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="NewBehavior">
          <clientCredentials>
            <clientCertificate findValue="[CLIENT_CERT_NAME]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <diagnostics>
      <messageLogging
           logEntireMessage="true"
           logMalformedMessages="false"
           logMessagesAtServiceLevel="true"
           logMessagesAtTransportLevel="false"
           maxMessagesToLog="3000"
           maxSizeOfMessageToLog="2000"/>
    </diagnostics>
    <bindings>
      <basicHttpBinding>
        <binding name="VendServiceBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
            bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="Transport">
            <transport clientCredentialType="None" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://[SERVICE_URL]/Vend/VendService"
          binding="basicHttpBinding" bindingConfiguration="VendServiceBinding"
          contract="VendService" name="VendService" behaviorConfiguration="NewBehavior" />
    </client>
  </system.serviceModel>

Client.cs

VendServiceClient client = new VendServiceClient("VendService");
createMemberResponse response = new createMemberResponse();
createMember member = new createMember();

// Check Certificate Just Before Executing
string certCheck = Environment.NewLine + "Check Certificate Just Before Executing - ClientCredentials Name: " + client.ClientCredentials.ClientCertificate.Certificate.GetNameInfo(
    System.Security.Cryptography.X509Certificates.X509NameType.SimpleName
    , false) + Environment.NewLine;

member = GetCreateMember(reader, siteConfig, recordID);
response = client.createMember(member);
returnStatus = response.VendHeader.ReturnStatus;
DetailedErrorMessage = response.VendBody.Vend.DetailedErrorMessage;

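During execution I can inspect "certCheck" and see the certificate's name, so I know I am pulling it from the certificate store. I also assume this means the certificate should be attached when I make the request to "client.createMember()". The error I get comes from some custom validation of the certificate that the vendor is performing... maybe the problem is their validation???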

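When I installed the certificate (.pfx) I had to enter a password; do I also need this password to use the certificate? I have not added it anywhere in the configuration or code.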

Any ideas on how to confirm that my request contains the client certificate?

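[UPDATE] I was finally able to run Fiddler. I was expecting to see some certificate details in the headers, but this is what I have. Does this mean I am not sending the certificate?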

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
   <s:Header>
      <ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="10afd012-1130-42ea-aaa8-281c9fab723a">395f129c-fd59-48b1-a19d-387bbffe1465</ActivityId>
   </s:Header>
   <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <createMember xmlns="http://[SERVICE_URL]/Vend/VendService">
         <createMember xmlns="">
            <VendHeader>

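[UPDATE] I have Fiddler working, and looking at the "Tunnel to" line I can see the server's certificate but not my own client certificate. Still confused; should it be there?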

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 10:37:08.575
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Rc4 128bits
Hash Algorithm: Md5 128bits
Key Exchange: RsaKeyX 2048bits

== Server Certificate ==========

0 answers:

No answers
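
An added example, not part of the original question: a C# check of the settings that decide whether a WCF proxy on basicHttpBinding with `security mode="Transport"` presents a client certificate in the TLS handshake. `ClientCertificateDiagnostics` and `Check` are hypothetical names, and the code assumes .NET Framework with a reference to System.ServiceModel.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Added example: hypothetical helper, not code from the original question.
public static class ClientCertificateDiagnostics
{
    // Returns the reasons a basicHttpBinding proxy would not present its
    // client certificate during the TLS handshake (empty list = none found).
    public static List<string> Check<TChannel>(ClientBase<TChannel> client)
        where TChannel : class
    {
        var problems = new List<string>();

        var binding = client.Endpoint.Binding as BasicHttpBinding;
        if (binding == null)
        {
            problems.Add("Endpoint does not use basicHttpBinding; nothing checked.");
            return problems;
        }

        // The <clientCertificate> behavior only selects a certificate. It is
        // offered to the server only when the binding asks for it:
        // <security mode="Transport"><transport clientCredentialType="Certificate" />
        if (binding.Security.Mode != BasicHttpSecurityMode.Transport)
            problems.Add("security mode is " + binding.Security.Mode + ", not Transport.");
        if (binding.Security.Transport.ClientCredentialType != HttpClientCredentialType.Certificate)
            problems.Add("transport clientCredentialType is " +
                binding.Security.Transport.ClientCredentialType +
                "; the configured certificate is not used for TLS client authentication.");

        X509Certificate2 cert = client.ClientCredentials.ClientCertificate.Certificate;
        if (cert == null)
        {
            problems.Add("No client certificate was resolved from the store.");
            return problems;
        }

        // HasPrivateKey only says a key is associated with the certificate; the
        // account running the process must also be allowed to read that key.
        if (!cert.HasPrivateKey)
            problems.Add("Certificate '" + cert.Subject + "' has no private key.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            problems.Add("Certificate '" + cert.Subject + "' is outside its validity period.");

        return problems;
    }
}
```

Calling `ClientCertificateDiagnostics.Check(client)` on the `VendServiceClient` before `createMember` lists any findings; with the binding shown in the question it reports the `clientCredentialType="None"` transport setting.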