我正在开发一个WCF服务和客户端。如果两者在同一台机器上并使用相同的证书(如果我有一个用于客户端,一个用于服务器),也可以正常工作。 但是,当我将服务部署到IIS(作为网站的一部分)后,就会收到一个含糊的错误,搜索也没有找到有用的信息,我真的不知道还应该检查什么。所有证书都已就位。 我收到的错误是“从另一方收到未进行安全处理或安全处理不正确的错误”。
服务器配置(ServiceModel部分)
<!-- Service-side WCF configuration: one wsHttpBinding endpoint protected with SOAP message security,
     where both the service and its callers authenticate with X.509 certificates. -->
<system.serviceModel>
<services>
<service behaviorConfiguration="CertificateServiceBehavior" name="ASPApplication.Service.IncomingDataService">
<!-- Empty address: the endpoint listens at the base address supplied by the host.
     The dns identity is the name clients are expected to find in the service certificate. -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="IncomingDataBinding"
name="IncomingDataEndpoint" contract="ASPApplication.Service.IIncomingDataService">
<identity>
<dns value="www.testserver.com" />
</identity>
</endpoint>
<!-- Metadata exchange endpoint. It describes the whole contract to any caller;
     NOTE(review): consider removing or restricting it once clients have been generated. -->
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CertificateServiceBehavior">
<!-- Publishes the WSDL over plain HTTP GET. -->
<serviceMetadata httpGetEnabled="true" />
<!-- Debug setting: exception messages and stack traces are returned to the caller inside faults.
     Keep it for troubleshooting only and set it to false before the service is reachable by others;
     server-side WCF tracing gives the same detail without putting it on the wire. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Certificate the service presents, looked up by subject name in LocalMachine\TrustedPeople.
     FindBySubjectName is a substring match, so a thumbprint lookup is less ambiguous when several
     certificates share part of the name.
     NOTE(review): the service needs this certificate's private key. Under IIS the application pool
     identity must be allowed to read that key, which is not required when testing under your own
     account; worth checking as a cause of the fault seen after deployment.
     NOTE(review): TrustedPeople is normally a store for other parties' public certificates; a
     certificate with a private key usually lives in the My (Personal) store. Confirm this is intended. -->
<serviceCertificate findValue="www.testserver.com"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName"/>
<clientCertificate>
<!-- A client certificate is accepted if it is present in the TrustedPeople store
     or if it chains to a trusted root. -->
<authentication certificateValidationMode="PeerOrChainTrust" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Lets the service be hosted in an IIS site that has more than one binding per scheme. -->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<wsHttpBinding>
<!-- maxBufferPoolSize, maxReceivedMessageSize and maxStringContentLength are all set to
     Int32.MaxValue (2147483647), so a single request of up to about 2 GB is accepted.
     NOTE(review): that leaves the service open to memory exhaustion by oversized messages;
     size these quotas to the largest message the contract really needs. -->
<binding name="IncomingDataBinding" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<!-- Message mode: protection is applied to the SOAP message itself, not to the transport.
     NOTE(review): secured messages carry timestamps; once client and service run on different
     machines, a clock difference beyond the allowed skew (5 minutes by default) is a frequent
     cause of "unsecured or incorrectly secured fault" errors. Check both clocks. -->
<security mode="Message">
<!-- Basic128: AES-128 encryption with SHA-1 based digests and signatures. Basic256Sha256 is a
     stronger suite, but the client binding must be changed to the same value at the same time.
     clientCredentialType="Certificate": callers authenticate with an X.509 certificate.
     negotiateServiceCredential="false": the service certificate is not negotiated at run time,
     so every client must already have it installed.
     establishSecurityContext="false": no secure session is set up; each message is secured on its own. -->
<message algorithmSuite="Basic128"
clientCredentialType="Certificate"
negotiateServiceCredential="false"
establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
客户端配置(ServiceModel部分)。其中的地址已被有意隐藏。
<!-- Client-side WCF configuration for the same service: wsHttpBinding with SOAP message security
     and certificate credentials. The security settings have to match the service binding. -->
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- Quotas are raised to Int32.MaxValue (2147483647), so a reply of up to about 2 GB is accepted.
     NOTE(review): size these to the largest reply the contract really returns. -->
<binding name="wsHttpBinding_IIncomingDataService" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
<!-- Same values as the service binding: certificate client credential, no run-time negotiation
     of the service certificate, Basic128 algorithm suite, no secure session.
     Any change to these attributes must be made on both sides together. -->
<message clientCredentialType="Certificate" negotiateServiceCredential="false"
algorithmSuite="Basic128" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="CertificateServiceBehavior">
<clientCredentials>
<!-- Certificate the client authenticates with. It is looked up with the same subject name as the
     service certificate, i.e. client and service share one certificate and one private key.
     NOTE(review): acceptable for a test, but with a shared key pair every client holds the
     service's private key; issue a separate certificate per party before production use.
     The account running the client also needs read access to this certificate's private key. -->
<clientCertificate findValue="www.testserver.com"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName"/>
<serviceCertificate >
<!-- Because the binding does not negotiate the service credential, this locally installed copy of
     the service certificate is the one used to secure messages sent to the service.
     FindBySubjectName is a substring match; a thumbprint lookup avoids picking up a similarly
     named certificate. -->
<defaultCertificate findValue="www.testserver.com"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName"/>
<!-- The service certificate is accepted if it is in the TrustedPeople store
     or if it chains to a trusted root. -->
<authentication certificateValidationMode="PeerOrChainTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<!-- The real host is masked in the post. The endpoint is reached over plain http, so all protection
     comes from message security. The dns identity below is compared with the service certificate,
     which is why it names www.testserver.com although the address is an IP. -->
<endpoint address="http://xxx.xxx.xxx.xxx/Services/IncomingDataService.svc"
behaviorConfiguration="CertificateServiceBehavior" binding="wsHttpBinding"
bindingConfiguration="wsHttpBinding_IIncomingDataService" contract="IncomingDataService.IIncomingDataService"
name="wsHttpBinding_IIncomingDataService">
<identity>
<dns value="www.testserver.com" />
</identity>
</endpoint>
</client>
</system.serviceModel>