WCF UserNamePasswordValidator class and client certificate

Time: 2014-03-09 07:27:37

Tags: c# wcf ssl

I am using a custom UserNamePassword Validator in WCF to implement security. For that I created a self-signed certificate. When I try to consume the web service, I get the following error: "Could not establish trust relationship for the SSL/TLS secure channel with authority". After googling for a while, I found that the certificate needs to be installed on the client. So my questions are:

1) Is it always required to install the certificate on the client, even if we use a trusted third party?
2) Is it possible to implement UserNamePassword without any certificate?

1 answer:

Answer 0 (score: 0)

Question 1

No, it is not required.

On the server side, you should add a behavior like this:

<behavior name="SecureBehavior">
  <serviceMetadata httpGetEnabled="true" />  
  <serviceCredentials>
    <!-- 
    The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.                  
    -->
    <userNameAuthentication userNamePasswordValidationMode="Custom"
                            customUserNamePasswordValidatorType="[Your.Custom.WCFUserValidator], [AssemblyName]"/>
    <!-- 
    The serviceCredentials behavior allows one to define a service certificate.
    A service certificate is used by a client to authenticate the service and provide message protection.
    This configuration references the "localhost" certificate installed during the setup instructions.
    -->
    <serviceCertificate findValue="[certificateName]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
  </serviceCredentials>
</behavior>

Then add the behavior to the server endpoint:

<service name="[serviceName]" behaviorConfiguration="SecureBehavior">
  <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsSecureConfig"
            contract="[ContractName]" />
  <endpoint address="/MEX" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>

On the client side, you can put the public part of the service certificate in the configuration file like this:

<endpoint address="http://..."
          binding="wsHttpBinding"
          contract="..."
          name="serviceName">
  <identity>
    <certificate encodedValue="[Encoded Value]" />
  </identity>
</endpoint>

An easy way to get the client configuration is to add a service reference to the client project in Visual Studio (Add Service Reference context menu). This adds a configuration file containing the client endpoint, ready to use.

(Screenshot: Add Service Reference)

Question 2

If you use custom authentication, the client credential type must be set to UserName. This lets the user name and password be submitted to the service for authentication. And yes, you must use a certificate.
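As an added example (not part of the question or the answer above), the following C# program wires up the same pieces in code rather than in config: the custom UserNamePasswordValidator, the service certificate, a wsHttpBinding with message security and UserName client credentials (the "wsSecureConfig" binding the answer refers to but does not show), and a client that pins the self-signed service certificate by thumbprint instead of installing it into a trusted store or switching validation off. The contract ICalc, the classes CalcService, DemoValidator and ThumbprintValidator, the port 8080, the user "alice" and the certificate subject "localhost" are assumptions made for the demo; it targets .NET Framework (System.ServiceModel) and expects a certificate with subject CN=localhost, with an accessible private key, in the LocalMachine\My store.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Text;

// Assumed service contract and implementation for the demo.
[ServiceContract]
public interface ICalc { [OperationContract] int Add(int a, int b); }
public class CalcService : ICalc { public int Add(int a, int b) { return a + b; } }

// Server side: the custom validator. WCF hands it the plaintext user name and
// password, so the binding must protect them in transit (see SecureBinding below).
public class DemoValidator : UserNamePasswordValidator
{
    // Constructed sample credential store: one user with a PBKDF2 password hash.
    // A real service would load this from a database or an identity provider.
    private static readonly byte[] Salt = Encoding.UTF8.GetBytes("demo-salt-value!");
    private static readonly byte[] AliceHash = Pbkdf2("correct horse", Salt);

    public override void Validate(string userName, string password)
    {
        if (userName == null || password == null)
            throw new SecurityTokenException("Missing credentials");
        // Always derive the hash, even for unknown users, so timing does not reveal valid names.
        byte[] candidate = Pbkdf2(password, Salt);
        bool ok = userName == "alice" && FixedTimeEquals(candidate, AliceHash);
        if (!ok) // One generic message: do not reveal which part was wrong.
            throw new SecurityTokenException("Unknown user name or incorrect password");
    }

    private static byte[] Pbkdf2(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000)) return kdf.GetBytes(32);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Client side: accept exactly one service certificate, identified by thumbprint.
// This is stricter than CertificateValidationMode.None, which accepts any certificate.
public class ThumbprintValidator : X509CertificateValidator
{
    private readonly string expected;
    public ThumbprintValidator(string thumbprint) { expected = thumbprint.Replace(" ", ""); }
    public override void Validate(X509Certificate2 certificate)
    {
        if (!string.Equals(certificate.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Unexpected service certificate");
    }
}

public static class Demo
{
    // Code equivalent of the answer's "wsSecureConfig" binding: message security with
    // UserName credentials. The service certificate encrypts the UsernameToken and
    // authenticates the service to the client, so the password never travels in clear.
    public static WSHttpBinding SecureBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }

    public static ServiceHost OpenHost()
    {
        var host = new ServiceHost(typeof(CalcService), new Uri("http://localhost:8080/calc"));
        host.AddServiceEndpoint(typeof(ICalc), SecureBinding(), "");
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new DemoValidator();
        // Assumed: a certificate with subject CN=localhost in LocalMachine\My (the answer's "localhost" certificate).
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
        host.Open();
        return host;
    }

    public static ICalc CreateClient(string serviceThumbprint)
    {
        // The DNS identity must match the certificate subject, as the answer's <identity> element does.
        var address = new EndpointAddress(new Uri("http://localhost:8080/calc"),
                                          EndpointIdentity.CreateDnsIdentity("localhost"));
        var factory = new ChannelFactory<ICalc>(SecureBinding(), address);
        factory.Credentials.UserName.UserName = "alice";
        factory.Credentials.UserName.Password = "correct horse";
        var svcAuth = factory.Credentials.ServiceCertificate.Authentication;
        svcAuth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        svcAuth.CustomCertificateValidator = new ThumbprintValidator(serviceThumbprint);
        return factory.CreateChannel();
    }

    public static void Main()
    {
        using (ServiceHost host = OpenHost())
        {
            // In practice the client is configured with the thumbprint out of band; read it from the host here only for the demo.
            string thumbprint = host.Credentials.ServiceCertificate.Certificate.Thumbprint;
            ICalc client = CreateClient(thumbprint);
            Console.WriteLine(client.Add(2, 3)); // Reaches the service only after DemoValidator accepts "alice".
            ((IClientChannel)client).Close();
        }
    }
}
```

A self-signed certificate fails the default ChainTrust check, which is the kind of trust error the question reports; the pinning validator accepts exactly one certificate, so the client neither needs the certificate installed in its trusted root store nor has to accept arbitrary certificates. Because the validator sees the password in plaintext, it is only safe to use with a binding that protects the UsernameToken, which is why the binding above uses SecurityMode.Message with the service certificate rather than SecurityMode.None.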