我有以下代码:
public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
{
ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
MyApp4SITHSService.IMyApp4SITHSServiceContract service;
GetUserDataResponse response;
factory.Credentials.ClientCertificate.Certificate = certificate;
//factory.Credentials.UserName.UserName = "me";
//factory.Credentials.UserName.Password = "password";
service = factory.CreateChannel();
LogHandler.WriteLine("Connecting to service");
response = service.GetUserData(new GetUserDataRequest());
LogHandler.WriteLine("Data received");
factory.Abort();
return response;
}
我第一次运行它时效果很好,第二次在service.GetUserData上获得以下异常:
发生了'System.ServiceModel.Security.SecurityNegotiationException'类型的第一次机会异常 在mscorlib.dll中
对SSPI的调用失败,请参阅内部异常。
无法联系本地安全机构
我使用以下配置:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="CertificateEndpointBehavior">
<clientCredentials>
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxConnections="200" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="Infinite"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
behaviorConfiguration="CertificateEndpointBehavior" binding="netTcpBinding"
bindingConfiguration="netTcpCertificate" contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
<identity>
<dns value="MyAppServer" />
</identity>
</endpoint>
</client>
</system.serviceModel>
知道为什么我会遇到这个问题以及如何解决它?
答案 0 :(得分:4)
服务器无权联系本地计算机证书存储区以验证传入证书的信任
答案 1 :(得分:2)
原因是证书可能未被验证为可信任,这里有一些链接,试着查看是否有任何关闭。也发布你的整个错误堆栈。 link one link two
代码示例
<endpointBehaviors>
<behavior name="ClientCertificateBehavior">
<clientCredentials>
<clientCertificate findValue="www.testclient.eu"
storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<authentication
trustedStoreLocation="CurrentUser"
certificateValidationMode="PeerTrust"/>
<defaultCertificate
findValue='www.testsvc.eu'
storeLocation='CurrentUser'
storeName='My'
x509FindType='FindBySubjectName' />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
答案 2 :(得分:1)
请检查&#34;身份&#34; web.config或App.config文件中的元素。如果&#34;身份&#34;元素存在然后评论或删除它。你的问题将得到解决。