Self-signed certificate and CertificateValidationMode, only on Windows XP

Time: 2013-08-06 15:54:10

Tags: .net wcf x509certificate self-signed

All of my code is .NET 4.0.

I have a WCF service that uses certificate + username/password authentication. On the service I use a self-signed certificate, so the public key loaded on the client has to go into the Trusted People store. I know that.

I open the connection with a channel factory. My code is as follows:

    using System;
    using System.Linq;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    public static class MyServiceChannelFactory
    {
        public static ChannelFactory<T> CreateMyServiceClientChannel<T>(string serviceUrl, string serviceUsername, string servicePassword)
        {
            // Message security over net.tcp: the client authenticates with a username/password,
            // the service authenticates with its X.509 certificate.
            NetTcpBinding binding = new NetTcpBinding();
            binding.Security.Mode = SecurityMode.Message;
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
            binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

            // Look up the service's public certificate in LocalMachine\Trusted People by subject name.
            X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 clientCertificate = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(cert => cert.Subject == "CN=MyServicesCert");
            store.Close();

            if (clientCertificate == null)
                throw new InvalidOperationException("Certificate CN=MyServicesCert not found in LocalMachine\\TrustedPeople.");

            // Instantiate the EndpointAddress using the service URL and an endpoint identity
            // derived from the service certificate.
            Uri baseAddress = new Uri(serviceUrl);
            EndpointIdentity epi = EndpointIdentity.CreateX509CertificateIdentity(clientCertificate);
            EndpointAddress endpoint = new EndpointAddress(baseAddress, epi);

            // Create the ChannelFactory instance using the binding and endpoint.
            ChannelFactory<T> channelFactory = new ChannelFactory<T>(binding, endpoint);

            // Set the client credentials.
            channelFactory.Credentials.UserName.UserName = serviceUsername;
            channelFactory.Credentials.UserName.Password = servicePassword;

            // Turns off validation of the service certificate entirely; this is the line the question is about.
            channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

            // Return the channel factory.
            return channelFactory;
        }
    }

The problem here is the second-to-last statement:

    channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

On my Windows 7 machine I don't have to include it and I can communicate with the service correctly. But on a Windows XP machine, if I don't include it, I get this exception:


    System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'net.tcp://my-server:20800/my-service.svc' for target 'net.tcp://my-server:20800/my-service.svc' failed. See inner exception for more details. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=MyServicesCert chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

So it looks like .NET behaves differently on Windows 7 and XP. What is going on?

0 answers:

No answers