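Disable message signing from service to client

Time: 2015-03-25 08:54:38

Tags: c# .net wcf c#-4.0 x509certificate

How can I disable message signing from the service to the client? I am using basicHttpBinding with message security mode and a certificate as the credential type.

I have a working solution, but it uses certificate signing in both directions; I would like to require it only in the client -> service direction. How can I achieve that? Is it even possible? My use case is very simple; basically I do not want to require clients to specify the service certificate, they just provide their own certificate, and I only check in my custom certificate validator whether that certificate is registered and enabled...

Service configuration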

<system.serviceModel>
  <services>
    <service behaviorConfiguration="MyApp.ServiceBehavior" name="MyApp.Service">
      <endpoint address="" binding="basicHttpBinding" contract="MyApp.IService" bindingConfiguration="CustomBinding">
        <identity>
          <dns value="SebastianServer" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="MyApp.ServiceBehavior">
        <serviceCredentials>
          <serviceCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />

          <clientCertificate>
            <!--<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />-->
            <authentication certificateValidationMode="Custom" customCertificateValidatorType="MyApp.CustomValidator, MyApp"/>
          </clientCertificate>

        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <bindings>
    <basicHttpBinding>
      <binding name="CustomBinding">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>

Client configuration

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="certificateEndpoint">
        <clientCredentials>
          <clientCertificate findValue="f2ba8e5a7531df7097117661d966d1f14fccb360" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <serviceCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
            <defaultCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

  <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IService">
          <security mode="Message">
            <transport clientCredentialType="None" />
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </basicHttpBinding>
  </bindings>

  <client>
    <endpoint
      address="http://localhost:5129/Service.svc"
      binding="basicHttpBinding"
      bindingConfiguration="BasicHttpBinding_IService"
      contract="MyAppService.IService"
      behaviorConfiguration="certificateEndpoint"
      name="BasicHttpBinding_IService">
      <identity>
        <dns value="SebastianServer"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>

1 answer:

Answer 0: (score: 0)

It is possible using a custom binding.
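
The service configuration in the question delegates client-certificate checking to `MyApp.CustomValidator`. The following is an added example of such a validator, not the asker's code and not part of the answer; the in-memory `Registered` table is a hypothetical stand-in for wherever the service keeps its registered certificates, seeded with the client thumbprint from the client configuration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace MyApp
{
    // Referenced from config as customCertificateValidatorType="MyApp.CustomValidator, MyApp".
    public class CustomValidator : X509CertificateValidator
    {
        // Hypothetical registry: thumbprint -> enabled flag. A real service would
        // load this from its own store. The single entry is the client thumbprint
        // taken from the client configuration on this page.
        private static readonly Dictionary<string, bool> Registered =
            new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase)
            {
                { "f2ba8e5a7531df7097117661d966d1f14fccb360", true }
            };

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // With certificateValidationMode="Custom", WCF runs only this validator:
            // no chain or peer trust check happens unless it is done here.
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException(
                    "Client certificate is outside its validity period.");

            bool enabled;
            if (!Registered.TryGetValue(certificate.Thumbprint, out enabled))
                throw new SecurityTokenValidationException(
                    "Client certificate is not registered.");
            if (!enabled)
                throw new SecurityTokenValidationException(
                    "Client certificate is registered but disabled.");
        }
    }
}
```

Throwing `SecurityTokenValidationException` is what makes WCF reject the caller; returning normally from `Validate` accepts the certificate.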