我在IIS 6上托管了一个需要
的WCF应用程序我能够成功地做到1)。我试图通过跟随this来实现2)和3) - 基本上创建一个继承X509CertificateValidator并使用我自己的验证实现覆盖Validate方法的类(步骤2和3)。我完全遵循了MSDN指令,但似乎没有调用Validate方法。我故意在覆盖的Validate方法中抛出SecurityAccessDeniedException,当我尝试通过浏览器访问服务时,不会抛出任何异常。我仍然可以使用任何客户端证书访问我的网站。
我也读过this thread但它并没有真正帮助。任何帮助将不胜感激!
这是我的配置:
<system.serviceModel>
<services>
<service behaviorConfiguration="SimpleServiceBehavior"
name="SampleNameSpace.SampleClass">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="NewBinding0"
contract="SampleNameSpace.ISampleClass" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="SimpleServiceBehavior">
<serviceMetadata httpsGetEnabled="true" policyVersion="Default" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="SampleNameSpace.MyX509CertificateValidator, SampleAssembly"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="NewBinding0">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
答案 0 :(得分:0)
您还可以尝试使用此ServerCertificateValidationCallback
覆盖证书验证我们正在以这种方式使用WCF HttpBinding:
System.Net.ServicePointManager.ServerCertificateValidationCallback =
(sender, certificate, chain, policyErrors) =>
{
var isValid = false;
// some checking logic
return isValid;
};