我正在尝试配置2路SSL。我正在
'Client certificate is required. No certificate was found in the request. This might be because the client certificate could not be successfully validated by the operating system or IIS. For information on how to bypass those validations and use a custom X509CertificateValidator in WCF please see http://go.microsoft.com/fwlink/?LinkId=208540.'
。
在客户端应用上,我收到错误 " HTTP请求被禁止使用客户端身份验证方案' Anonymous'。"
WCF托管在IIS中并使用通配符证书' *。mySite.com'
我的WCF web.config:
<serviceBehaviors>
<behavior name="MySslServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<dataContractSerializer maxItemsInObjectGraph="16777216" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Wcfproject.Util.MyServiceAuthorizationManager, MyProjectName"/>
<serviceCertificate findValue="*.mySite.com"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="Root"
/>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<bindings>
<basicHttpBinding>
<binding name="2WaySecureBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="MySslServiceBehavior" name="MyServiceName">
<!--2 way SSL-->
<endpoint bindingNamespace="http://myNamespace/V1" binding="basicHttpBinding" bindingConfiguration="2WaySecureBinding" name="httpsBinding" contract="MyServiceName"/>
</service>
</services>
我的客户端配置:
<client>
<endpoint address="https://2wayWcfProject.mySite.com/MyServiceName.svc" binding="customBinding"
bindingConfiguration="httpsBinding" contract="MyServiceReference.MyServiceName" behaviorConfiguration="CustomBehavior"
name="httpsBinding" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<clientCertificate findValue="*.ClientSite.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="Root" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="httpsBinding">
<security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport"
requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false" />
</security>
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
我已导出客户站点证书&#39; * .ClientSite.com&#39; as .pfx并将其添加/导入到服务器上的受信任证书(mmc.exe) - &gt;个人&#39;中的证书(本地计算机)和&#39;受信任的根证书颁发机构&#39;。