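WCF "The primary signature must be encrypted" exception on service response

Time: 2014-01-21 12:01:49

Tags: c# wcf web-services soap encryption

I am developing a WCF web service and a WCF client application that should sign the SOAP message body with a certificate.

I have enabled [ServiceContract(ProtectionLevel = ProtectionLevel.Sign)] on my service interface.

Service Web.config configuration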

<system.serviceModel>
    <services>
        <service name="ApsService.Service" behaviorConfiguration="ApsServiceBehaviour">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="ApsService.IService">
                <identity>
                    <dns value="WcfClient"/>
                </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>

    <protocolMapping>
        <add scheme="http" binding="wsHttpBinding"/>
    </protocolMapping>

    <bindings>
        <wsHttpBinding>
            <binding name="wsHttpEndpointBinding" >
                <security>
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>

    <behaviors>
        <serviceBehaviors>
            <behavior name="ApsServiceBehaviour">
                <serviceMetadata httpGetEnabled="true" />
                <serviceCredentials>
                    <clientCertificate>
                        <authentication certificateValidationMode="PeerTrust" />
                        <certificate x509FindType="FindBySubjectName"
                                        findValue="WcfClient" storeName="TrustedPeople" storeLocation="LocalMachine" />

                    </clientCertificate>
                    <serviceCertificate x509FindType="FindBySubjectName"
                                        findValue="WCfServer" storeName="TrustedPeople" storeLocation="LocalMachine" />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>

    <!--<authentication revocationMode="NoCheck" customCertificateValidatorType="ApsService.ApsCertificatesValidator,ApsService"
                         certificateValidationMode="Custom" />-->
</system.serviceModel>

Client App.config configuration

<system.serviceModel>
    <client>
        <endpoint address="http://localhost/ApsService/Service.svc"
         binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
         contract="ApsService.IService" name="WSHttpBinding_IService">
            <identity>
                <dns value="WCfServer" />
            </identity>
        </endpoint>
    </client>

    <bindings>
        <wsHttpBinding>
            <binding name="wsHttpEndpoint">
                <security mode="Message">
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>

    <behaviors>
        <endpointBehaviors>
            <behavior>
                <clientCredentials>
                    <clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerTrust" />
                        <defaultCertificate findValue="WCfServer" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
</system.serviceModel>

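The problem I am facing is a MessageSecurityException with the text "The primary signature must be encrypted." when the web service tries to respond to the client. I can't find how to solve this; maybe something is missing from my configuration?

3 answers:

Answer 0: (score: 1)

The problem was solved with a custom binding, which disables signature confirmation via: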

requireSignatureConfirmation="false"

Client app.config

    <client>
        <endpoint address="http://localhost/ApsService/Service.svc" binding="customBinding" bindingConfiguration="WSHttpBinding_IService"
         contract="ApsService.IService" name="WSHttpBinding_IService">
            <identity>
                <dns value="WcfServer" />
            </identity>
        </endpoint>
    </client>

    <bindings>
        <customBinding>
            <binding name="WSHttpBinding_IService">
                <security defaultAlgorithmSuite="Default" authenticationMode="SecureConversation"
                messageProtectionOrder="SignBeforeEncrypt"
                 messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                 requireSignatureConfirmation="false" canRenewSecurityContextToken="true">
                    <secureConversationBootstrap defaultAlgorithmSuite="Default"
                     authenticationMode="MutualSslNegotiated" requireDerivedKeys="true"
                     includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                     requireSignatureConfirmation="false">
                        <localClientSettings detectReplays="true" />
                        <localServiceSettings detectReplays="true" />
                    </secureConversationBootstrap>
                    <localClientSettings detectReplays="true" />
                    <localServiceSettings detectReplays="true" />
                </security>
                <textMessageEncoding />
                <httpTransport />
            </binding>
        </customBinding>
    </bindings>

    <behaviors>
        <endpointBehaviors>
            <behavior>
                <clientCredentials>
                    <clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerTrust" />
                        <defaultCertificate findValue="WCfServer" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
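
For reviewing configurations that adopt a binding like the one above: signature confirmation is the WS-Security 1.1 feature in which the response echoes the request's signature value, so the client can tie the response to the request it signed. The following added example (not part of the original answer) lists where a customBinding explicitly switches off signature confirmation or replay detection; the function names and the sample config are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the answer's customBinding; one detectReplays
# value is flipped to "false" here so the second check has something to report.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings>
  <customBinding>
    <binding name="WSHttpBinding_IService">
      <security authenticationMode="SecureConversation"
                requireSignatureConfirmation="false">
        <secureConversationBootstrap authenticationMode="MutualSslNegotiated"
                                     requireSignatureConfirmation="false">
          <localClientSettings detectReplays="true" />
        </secureConversationBootstrap>
        <localClientSettings detectReplays="false" />
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
  </customBinding>
</bindings></system.serviceModel></configuration>"""

# Attributes from the page's binding that switch a message-level check off.
DISABLING_VALUES = {"requireSignatureConfirmation": "false", "detectReplays": "false"}

def _walk(elem, path):
    """Yield every element under elem together with its slash-separated path."""
    yield elem, path
    for child in elem:
        yield from _walk(child, path + "/" + child.tag)

def audit_custom_bindings(config_xml):
    """Return (binding name, element path, attribute) for each explicit opt-out.

    Only explicitly written values are reported; omitted attributes are not judged.
    """
    findings = []
    root = ET.fromstring(config_xml)
    for custom in root.iter("customBinding"):
        for binding in custom.findall("binding"):
            name = binding.get("name", "")
            for elem, path in _walk(binding, "binding"):
                for attr, off in DISABLING_VALUES.items():
                    if elem.get(attr, "").strip().lower() == off:
                        findings.append((name, path, attr))
    return findings

if __name__ == "__main__":
    for name, path, attr in audit_custom_bindings(SAMPLE_CONFIG):
        print(f'{name}: {path} sets {attr}="false"')
```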

Answer 1: (score: 0)

The same error occurs if you forget to set the protection level.

[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]

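Answer 2: (score: 0)

I don't know whether this might be useful to anyone, but I ran into this problem recently. In my case, the solution was to upgrade the project to a newer .NET version.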