I set the expected client certificate to "A":
host.Credentials.ClientCertificate.SetCertificate("A", ...);
host.Credentials.ServiceCertificate.SetCertificate("B", ...);
combined with:
new NetTcpBinding
{
    Security =
    {
        Mode = SecurityMode.TransportWithMessageCredential,
        Transport = { ProtectionLevel = ProtectionLevel.EncryptAndSign },
        Message = { ClientCredentialType = MessageCredentialType.Certificate }
    }
}
I want the server to allow only clients that hold certificate "A". But it also allows other trusted certificates. I changed the client's app.config to use "B" instead of "A" and it still works!
What is wrong with my setup?
Answer 0: (score: 0)
host.Credentials.ClientCertificate.SetCertificate("A", ...);
does not mean that only clients with certificate A are allowed to connect.
If you want to allow only certain kinds of certificates, you need to check them with a CertificateValidator on the server side.
Have a look at: https://msdn.microsoft.com/en-us/library/aa354512%28v=vs.110%29.aspx
If you have more questions, feel free to ask me.
EDIT:
using System.IdentityModel.Selectors;            // X509CertificateValidator
using System.IdentityModel.Tokens;               // SecurityTokenValidationException
using System.Security.Cryptography.X509Certificates;

public class CustomX509CertificateValidator : X509CertificateValidator
{
    // WCF calls this for every client certificate presented; throwing rejects the client.
    public override void Validate(X509Certificate2 certificate)
    {
        // Only accept self-issued certificates, for example
        if (certificate.Subject != certificate.Issuer)
            // SecurityTokenValidationException is the exception type WCF expects from a validator
            throw new SecurityTokenValidationException("Certificate is not self-issued");
    }
}
Then:
serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new CustomX509CertificateValidator();
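Below is an added example (not code from the question or the answer above) showing the validator the asker actually needs: one that pins the single client certificate "A" by thumbprint, so a different but otherwise trusted certificate such as "B" is rejected. It also shows the host wiring with the NetTcpBinding from the question. `ExpectedClientThumbprint` is a placeholder to be replaced with certificate A's thumbprint, and the service contract type is passed in by the caller because the page does not name one.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Rejects every client certificate except the one whose thumbprint is pinned.
public sealed class PinnedClientCertificateValidator : X509CertificateValidator
{
    private readonly string _expectedThumbprint;

    public PinnedClientCertificateValidator(string expectedThumbprint)
    {
        // Normalise once so a thumbprint copied from certmgr (spaces, lowercase) still matches.
        _expectedThumbprint = expectedThumbprint.Replace(" ", string.Empty).ToUpperInvariant();
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new SecurityTokenValidationException("No client certificate was presented.");

        // Step 1: the certificate must still chain to a trusted root and not be revoked.
        // Custom mode replaces WCF's built-in chain check, so it has to be done here.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(certificate))
        {
            string status = chain.ChainStatus.Length > 0
                ? chain.ChainStatus[0].StatusInformation
                : "unknown chain error";
            throw new SecurityTokenValidationException("Client certificate chain is not trusted: " + status);
        }

        // Step 2: pin to certificate "A". This is the check the default validation modes lack:
        // a trusted certificate "B" passes step 1 but fails here.
        if (!string.Equals(certificate.Thumbprint, _expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Client certificate " + certificate.Thumbprint + " is not the expected client certificate.");
    }
}

public static class PinnedHostSetup
{
    // PLACEHOLDER (assumption): replace with the SHA-1 thumbprint of certificate "A".
    public const string ExpectedClientThumbprint = "0000000000000000000000000000000000000000";

    // contractType is the caller's service contract interface (not named on the page).
    public static ServiceHost Configure(ServiceHost host, Type contractType, X509Certificate2 serviceCertificate)
    {
        // Same binding as in the question: TLS on the transport, client certificate at message level.
        var binding = new NetTcpBinding
        {
            Security =
            {
                Mode = SecurityMode.TransportWithMessageCredential,
                Transport = { ProtectionLevel = ProtectionLevel.EncryptAndSign },
                Message = { ClientCredentialType = MessageCredentialType.Certificate }
            }
        };
        host.AddServiceEndpoint(contractType, binding, string.Empty);

        // Service certificate "B" identifies the server; it plays no part in who may connect.
        host.Credentials.ServiceCertificate.Certificate = serviceCertificate;

        // Who may connect is decided solely by the custom validator.
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedClientCertificateValidator(ExpectedClientThumbprint);
        return host;
    }
}
```

Two points worth keeping in mind: switching to `X509CertificateValidationMode.Custom` turns off WCF's own chain and revocation checks, which is why the example rebuilds the chain before pinning; and when certificate A is rotated, the pinned thumbprint must be updated (a validator that compares several allowed thumbprints during the overlap period is a straightforward extension of the same class).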