我有一个托管在IIS上的WCF服务,以及一个试图连接到它的Windows窗体客户端。
应该保护WCF服务,因此IIS Web应用程序配置为使用由我们的开发环境发布到“localhost”的域(CA在域上)颁发的证书。
IIS上的SSL设置设置为“要求SSL”和“客户端证书=要求”。
WCF服务使用自定义绑定,web.config中的配置如下:
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
</diagnostics>
<services>
<service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
<!--<identity>
<dns value="localhost" />
</identity>-->
</endpoint>
<!--<host>
<baseAddresses>
<add baseAddress="http://localhost:8999/" />
</baseAddresses>
</host>-->
</service>
</services>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration">
<MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SpecificBehaviorType">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
要使客户端能够连接到服务,我们将“localhost”证书导出为“localhost.cer”文件并在我们的代码中使用该文件(这应该是客户端特有的另一个可信证书,但我们正在使用localhost一个用于测试目的)。 客户端配置是以编程方式完成的(根据我的知识,没有具体原因)。
客户端代码如下:
Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
'TODO: set quotas for message size
Dim binding As New CustomBinding()
binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
'TODO: make configurable to support both http and https
If isHttps Then
Dim httpsBinding As New HttpsTransportBindingElement
binding.Elements.Add(httpsBinding)
Else
Dim transport As New HttpTransportBindingElement()
binding.Elements.Add(transport)
End If
Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))
channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))
If isHttps Then
For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
If TypeOf channelFactory.Endpoint.Behaviors(counter) Is System.ServiceModel.Description.ClientCredentials Then
CType(channelFactory.Endpoint.Behaviors(counter), System.ServiceModel.Description.ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
Exit For
End If
Next
End If
channelFactory.Open()
Dim channel = channelFactory.CreateChannel()
channel.Open()
现在问题是,一旦我们尝试建立连接,我们得到“HTTP请求被禁止使用客户端身份验证方案'匿名'”
我们试图改变:
httpsBinding.AuthenticationScheme
但没有用。
我错过了什么?
答案 0 :(得分:0)