带证书的WCF邮件安全性错误：无法验证安全令牌

Question

我使用证书进行了Messager安全性的WCF服务设置。我目前正在使用自签名证书。我不使用证书存储，而是即时加载我的证书。

当我使用MessageSecurity=None时服务正常工作，但启用安全性后，只要我调用服务端点，就会收到错误：

  

从另一方收到了无担保或不正确安全的故障。请参阅内部FaultException以获取故障代码和详细信息。 - ＆GT;消息中至少有一个安全令牌无法验证。

我的服务配置的相关部分如下所示：

<endpoint name="DB_msgAnonymousSecured" address="Secure" 
          binding="wsHttpBinding" bindingConfiguration="UploadServiceSecure"
          contract="DataStoreInterfaces.IDataStoreServices" >
</endpoint>

<wsHttpBinding>
    <binding name="UploadServiceSecure" >
        <security mode="Message">
            <!-- Message security with certificate authentication-->
            <message clientCredentialType="Certificate" 
                     negotiateServiceCredential="false" establishSecurityContext="false"/>
        </security>
    </binding>
</wsHttpBinding>

证书在代码中配置如下： 服务器：

using (WebServiceHost queryHost = new WebServiceHost(typeof(DataStoreServices.DatabaseServicesImplementation)))
                {
                    try
                    {
                        queryHost.Credentials.ServiceCertificate.Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(Application.StartupPath + "\\Server.pfx");
                        queryHost.Credentials.ClientCertificate.Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(Application.StartupPath + "\\Client.cer");
                        queryHost.Open();

                        while (true) //endless loop 
                        {
                            Thread.Sleep(100);
                        }

                    }
                    catch (Exception ex)
                    {

                    }
                }

客户端：

var binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.NegotiateServiceCredential = false;
EndpointAddress address = new EndpointAddress(new Uri(serviceEndpointAddress), EndpointIdentity.CreateDnsIdentity("CompanyXYZ Server")); //usually, the DnsIdentity is the domain name. In our case, it's the value that was entered during the creation of the self-signed certificate.

ChannelFactory<IDataStoreServices> cf = new ChannelFactory<IDataStoreServices>(binding, address);
cf.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; //since our certificate is self-signed, we don't want it to be validated
cf.Credentials.ClientCertificate.Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(Environment.CurrentDirectory + "\\Client.pfx");
cf.Credentials.ServiceCertificate.DefaultCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(Environment.CurrentDirectory + "\\Server.cer");

IDataStoreServices channel = cf.CreateChannel();
response = channel.TestConnection(); //this line causes the exception

我这几个星期以来一直在努力解决这个问题而且我没有想法。 有没有人对我有任何暗示，为什么这不起作用？