Following my previous question, WCF client for consuming ASMX service with WS-Security, I need to configure a WCF service that receives SOAP requests secured with WS-Security (a sample request can be found in that link).
Here is my configuration file:
<configuration>
  <system.serviceModel>
    <services>
      <service name="Service.Service1" behaviorConfiguration="customBindingBehavior">
        <endpoint address="http://localhost/Service1.svc"
                  binding="customBinding"
                  bindingConfiguration="NewBinding0"
                  name="ServiceEndpoint"
                  contract="Service.Contracts.IService1" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="customBindingBehavior">
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <serviceCertificate findValue="xxx" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
            <clientCertificate>
              <certificate findValue="yyy" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="TrustedPeople" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="NewBinding0">
          <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
          <security authenticationMode="MutualCertificate">
            <secureConversationBootstrap />
          </security>
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>
</configuration>
The service certificate contains the private key so that responses can be signed.
The client certificate contains only the public key corresponding to the client's private key that signs the requests.
I get the following exception related to the service certificate:
"The certificate 'CN = xxxxxx' must have a private key that is capable of key exchange. The process must have access rights for the private key."
How can I fix this?
Thanks in advance!
EDIT:
The exception I get:
System.ArgumentException: It is likely that certificate 'CN=xxx' may not have a private key that is capable of key exchange or the process may not have access rights for the private key.
at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
at System.ServiceModel.Security.AsymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)
Answer 0 (score: 1)
It is not clear from the message whether the error is on the server or the client certificate. In any case, you only need to configure the server certificate. The client certificate will be validated according to the policy you specify in the behavior.
You could use this binding:
<customBinding>
  <binding name="NewBinding0">
    <textMessageEncoding messageVersion="Soap11" />
    <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
      <secureConversationBootstrap />
    </security>
    <httpTransport />
  </binding>
</customBinding>
Also make sure you decorate the service contract with:
[ServiceContract(ProtectionLevel=System.Net.ProtectionLevel.Sign)]
Answer 1 (score: 0)
I ran into the same problem while debugging a client application with Visual Studio 2012 on Windows 8.1. Judging by the error message given, you also get this error when running the application from Visual Studio. Opening Visual Studio with "Run as administrator" solved the problem.
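The exception in the question names two separate conditions, and the two answers address one each: the service certificate's private key must be an exchange-capable key, and the account hosting the service must be able to read it. The script below checks both for the certificate the question's config points at; it is an added diagnostic, not code from the question or either answer. It assumes Windows PowerShell 5.1 on .NET Framework 4.6 or later, a certificate in LocalMachine\My as in the config, and uses 'xxx' as a placeholder thumbprint.

```powershell
param(
    [string]$Thumbprint = 'xxx',                  # placeholder, as in the question's config
    [string]$StorePath  = 'Cert:\LocalMachine\My'  # matches storeLocation / storeName in the config
)

$cert = Get-ChildItem -Path $StorePath |
    Where-Object { $_.Thumbprint -eq $Thumbprint.Replace(' ', '').ToUpperInvariant() }
if (-not $cert) { throw "No certificate with thumbprint '$Thumbprint' in $StorePath" }

"Subject:       $($cert.Subject)"
"HasPrivateKey: $($cert.HasPrivateKey)"
if (-not $cert.HasPrivateKey) {
    throw 'No private key in this store: the service cannot sign responses or decrypt with this certificate.'
}

# Condition 1: the key must be usable for key exchange, not signature-only.
# For CSP keys WCF's EnsureCertificateCanDoKeyExchange requires KeyNumber = Exchange.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyFile = $null
if ($null -eq $rsa) {
    'Private key is not RSA; WCF X.509 message security expects an RSA key.'
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $info = $rsa.CspKeyContainerInfo
    "Key provider:  CSP - $($info.ProviderName)"
    "KeyNumber:     $($info.KeyNumber)  (must be 'Exchange')"
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $info.UniqueKeyContainerName
} elseif ($rsa -is [System.Security.Cryptography.RSACng]) {
    "Key provider:  CNG - $($rsa.Key.Provider.Provider)"
    "Key usages:    $($rsa.Key.KeyUsage)  (must include Decryption)"
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\Keys" $rsa.Key.UniqueName
}

# Condition 2: the account hosting the service (IIS application pool identity,
# or the user running WcfSvcHost / Visual Studio) needs Read access to the key file.
if ($keyFile -and (Test-Path -Path $keyFile)) {
    "Key file:      $keyFile"
    'Accounts with read access to the private key:'
    (Get-Acl -Path $keyFile).Access |
        Where-Object { $_.FileSystemRights -match 'Read|FullControl' } |
        ForEach-Object { "  $($_.IdentityReference) -> $($_.FileSystemRights)" }
} else {
    'Key file not found under ProgramData; inspect the key container manually.'
}
```

If the first check fails, the key has to be re-created or re-imported as an exchange key (for certreq, KeySpec = 1 in the INF); if only the second fails, granting the hosting identity Read on the listed key file is the targeted fix, and is the effect answer 1 obtains by running Visual Studio as administrator.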