basicHttpBinding身份验证错误

时间:2015-01-01 22:05:13

标签: c# web-services wcf basichttpbinding

我是网络服务新手,我需要将basicHttpBinding实施到wsHttpsBindingbasicHttpBinding的现有网络服务,以用于C#桌面应用程序。当我尝试使用桌面应用程序使用该服务时,我收到以下错误:

  

使用客户端身份验证方案' Anonymous'。

禁止HTTP请求

包含basicHttpBindingwsHttpsBinding的网络服务上的web.config文件如下所示:

<system.serviceModel>
<diagnostics>
  <messageLogging logEntireMessage="true" logMalformedMessages="true"
    logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true"
    maxMessagesToLog="25000">
    <filters>
      <clear />
    </filters>
  </messageLogging>
</diagnostics>

<behaviors>
  <serviceBehaviors>
    <behavior name="SecureBehave">
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerTrust"/>
        </clientCertificate>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="HIBridgeLib.HIBridgeService.Security.MessageSecurityValidator, HIBridgeLib"/>
        <!--
        <serviceCertificate findValue="WCfServer"
          storeLocation="CurrentUser"
          storeName="My"
          x509FindType="FindBySubjectName" />
        -->
      </serviceCredentials>
      <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
      <serviceDebug includeExceptionDetailInFaults="True" />
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="HIBridge_SSLBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" negotiateServiceCredential="True" establishSecurityContext="True" />
      </security>
    </binding>
  </wsHttpBinding>

  <basicHttpBinding>
    <binding name="HIBridge_BasicBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
      </security>
      <readerQuotas maxStringContentLength="2147483647" />
    </binding>
  </basicHttpBinding>
</bindings>

<services>
  <service name="HIBridgeWebService.HIBridgeService" behaviorConfiguration="SecureBehave">
    <endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="HIBridge_BasicBinding" contract="HIBridgeLib.HIBridgeService.IHIBridgeService"></endpoint>
    <endpoint address="ws" binding="wsHttpBinding" bindingConfiguration="HIBridge_SSLBinding" contract="HIBridgeLib.HIBridgeService.IHIBridgeService"></endpoint>
    <host>
      <baseAddresses>
        <add baseAddress="https://10.50.1.85:1125/HIBridge/HIBridgeService.svc" />
      </baseAddresses>
    </host>
  </service>
</services>

userNameAuthentication看起来像这样:

namespace HIBridgeLib.HIBridgeService.Security
{
  public class MessageSecurityValidator : UserNamePasswordValidator
  {
     private const string USERNAME = "username";
     private const string PASSWORD = "password";

     public override void Validate(string userName, string password)
     {
        if (userName == null || password == null)
        {
            throw new ArgumentNullException();
        }

        if (USERNAME.Equals(userName) && PASSWORD.Equals(password))
        { 
        }
        else
        {    
            throw new FaultException("Invalid Message Security Credentials");
        }
    }
  }
}

我的桌面应用程序代码就像这样使用Web服务:

ChannelFactory<HIBridgeLib.HIBridgeService.IHIBridgeService> myChannelFactory = null;
HIBridgeLib.HIBridgeService.IHIBridgeService HIBridgeService = null;
System.ServiceModel.BasicHttpBinding basicHTTPBinding = new System.ServiceModel.BasicHttpBinding();

basicHTTPBinding.Name = "HIBridge_BasicBinding";
basicHTTPBinding.OpenTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.CloseTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.SendTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.ReceiveTimeout = TimeSpan.FromMinutes(10);
basicHTTPBinding.BypassProxyOnLocal = false;                
basicHTTPBinding.HostNameComparisonMode = System.ServiceModel.HostNameComparisonMode.StrongWildcard;
basicHTTPBinding.MaxBufferPoolSize = 2147483647;
basicHTTPBinding.MaxReceivedMessageSize = 2147483647;
basicHTTPBinding.MessageEncoding = System.ServiceModel.WSMessageEncoding.Text;
basicHTTPBinding.TextEncoding = Encoding.UTF8;
basicHTTPBinding.UseDefaultWebProxy = true;
basicHTTPBinding.AllowCookies = false;
basicHTTPBinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.TransportWithMessageCredential;
basicHTTPBinding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Certificate;
basicHTTPBinding.Security.Transport.ProxyCredentialType = System.ServiceModel.HttpProxyCredentialType.None;
basicHTTPBinding.Security.Transport.Realm = "";

System.ServiceModel.EndpointAddress endpointAddress = null;

if (LocalMedCart.CartProfile.ConsoleHostname.Contains("/HIBridge/HIBridgeService.svc"))
      endpointAddress = new System.ServiceModel.EndpointAddress(LocalMedCart.CartProfile.ConsoleHostname + "/basic");
else
      endpointAddress = new System.ServiceModel.EndpointAddress(string.Format("https://{0}:{1}/HIBridge/HIBridgeService.svc/basic", LocalMedCart.CartProfile.ConsoleHostname, LocalMedCart.CartProfile.CommunicationPort));

HIBridgeLib.HIBridgeService.Security.PermissiveCertificatePolicy.Enact(string.Format("CN={0}", LocalMedCart.CertificateName));

myChannelFactory = new ChannelFactory<HIBridgeLib.HIBridgeService.IHIBridgeService>(basicHTTPBinding, endpointAddress);
myChannelFactory.Credentials.UserName.UserName = "username";
HIBridgeService = myChannelFactory.CreateChannel();

//do something

((IClientChannel)HIBridgeService).Close();
myChannelFactory.Close();

导致错误的原因是什么?

1 个答案:

答案 0 :(得分:1)

听起来您专门针对服务的basicHttpBinding。因此,wsHttpBinding设置与MessageSecurityValidator类无关。通常,客户端设置应与服务器端设置匹配,后者使用transport security 和客户端凭据证书。就WCF而言,用户将被该证书识别。因此,您需要确保使用有效的服务器识别证书,而不是尝试设置用户名。不幸的是,我没有足够的信息来解决您的证书究竟出了什么问题,但请检查:

  1. 您的本地证书存储(在运行桌面应用程序的计算机上)实际上具有服务认为有效的证书。
  2. 正确指定证书。 MSDN建议使用myClient.ClientCredentials.ClientCertificate.SetCertificate(...)提供证书。 (链接中的示例服务使用wsHttpBinding而不是basicHttpBinding,但是对于配置的这个方面,它应该没有区别。)
  3. 托管该服务的Web服务器实际上已配置为客户端证书身份验证。 One reference建议在Web服务器上的管理员命令提示符处检查netsh http show sslcert的输出,以查看是否为该站点启用了“协商客户端证书”。
相关问题
最新问题