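I am trying to create a WCF service (hosted in a Windows service) using message security mode and a custom username validator.
I also created a self-signed certificate through IIS.
The problem is that I get the following error: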
System.ServiceModel.Security.MessageSecurityException:不安全或 从另一方收到了错误的安全故障。见 内部FaultException为故障代码和细节。
WCF server configuration:
// Create a WsHttpBinding.
// Set Message Security Mode and UserName Authorization
WSHttpBinding mywshttpbind = new WSHttpBinding();
mywshttpbind.Security.Mode = SecurityMode.Message;
mywshttpbind.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
// Negotiate the Credentials and establish a Security Token
mywshttpbind.Security.Message.NegotiateServiceCredential = true;
mywshttpbind.Security.Message.EstablishSecurityContext = false;
// Find the BindingElements and disable the TimeStamp
BindingElementCollection elements = mywshttpbind.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
CustomBinding myCustomBinding = new CustomBinding(mywshttpbind);
// A ServiceCertificate will be used - search it by serial number
obj.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySerialNumber, "....");
// The client will not check for the certificate
obj.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
// A custom UsernamePassword Validator will be used
obj.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
obj.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserPassValidator();
// Add Endpoint to Host with the custom binding
obj.AddServiceEndpoint(typeof(service.IService), myCustomBinding, "");
// Metadata Exchange
ServiceMetadataBehavior serviceBehavior = new ServiceMetadataBehavior();
serviceBehavior.HttpGetEnabled = true;
obj.Description.Behaviors.Add(serviceBehavior);
// Open the connection
obj.Open();
WCF client:
// Create a WsHttpBinding.
// Set Message Security Mode and UserName Authorization
WSHttpBinding mywshttpbind = new WSHttpBinding();
mywshttpbind.Security.Mode = SecurityMode.Message;
mywshttpbind.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
// Negotiate the Credentials and establish a Security Token
mywshttpbind.Security.Message.NegotiateServiceCredential = true;
mywshttpbind.Security.Message.EstablishSecurityContext = false;
// Find the BindingElements and disable the TimeStamp
BindingElementCollection elements = mywshttpbind.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
CustomBinding myCustomBinding = new CustomBinding(mywshttpbind);
// Create a new factory channel
var newFactory = new ChannelFactory<ICMM_WCF_S>(myCustomBinding, add);
// Skip validation of the service certificate (self-signed)
newFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
// Set the username and the password
newFactory.Credentials.UserName.UserName = "user1";
newFactory.Credentials.UserName.Password = "pass1";
var channel = newFactory.CreateChannel();
channel.get_data();
After enabling the WCF tracer, I traced the following exception:
安全时间戳因其创建时间而无效 ('2015-07-06T10:28:39.264Z')将来。现在的时间是 '2015-07-06T10:20:44.570Z'并允许时钟偏差为'00:05:00'。
Even though I created a custom binding with the timestamp disabled, the error persists.
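The binding construction from the post beside a variant that hands the edited element collection to CustomBinding, as an added example that is not part of the original post: `CustomBinding(Binding)` calls `CreateBindingElements()` again, so changes made to an earlier collection are not carried into the result. The class and method names are hypothetical, and the 10-minute skew is an assumed value chosen to exceed the roughly 8-minute gap in the trace; it widens `MaxClockSkew` and keeps the timestamp, which is the receiver's freshness check.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class TimestampBindingDemo   // hypothetical name, not from the post
{
    // Same message-security settings as the post.
    static WSHttpBinding NewWsHttp()
    {
        var b = new WSHttpBinding();
        b.Security.Mode = SecurityMode.Message;
        b.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        b.Security.Message.NegotiateServiceCredential = true;
        b.Security.Message.EstablishSecurityContext = false;
        return b;
    }

    // As in the post: the edited collection is never passed to CustomBinding.
    static CustomBinding BuildFromBinding()
    {
        WSHttpBinding ws = NewWsHttp();
        BindingElementCollection elements = ws.CreateBindingElements();
        elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
        return new CustomBinding(ws);   // builds a fresh element collection
    }

    // The edited collection is used. The timestamp stays on and the skew
    // tolerance is widened; apply the same values on client and service.
    static CustomBinding BuildFromElements(TimeSpan maxSkew)
    {
        BindingElementCollection elements = NewWsHttp().CreateBindingElements();
        var sec = elements.Find<SecurityBindingElement>();
        sec.LocalClientSettings.MaxClockSkew = maxSkew;
        sec.LocalServiceSettings.MaxClockSkew = maxSkew;
        return new CustomBinding(elements);
    }

    // Prints the settings that the finished binding actually carries.
    static void Report(string name, CustomBinding binding)
    {
        var sec = binding.Elements.Find<SecurityBindingElement>();
        Console.WriteLine("{0}: IncludeTimestamp={1}, clientSkew={2}, serviceSkew={3}",
            name, sec.IncludeTimestamp,
            sec.LocalClientSettings.MaxClockSkew, sec.LocalServiceSettings.MaxClockSkew);
    }

    static void Main()
    {
        Report("CustomBinding(binding)", BuildFromBinding());
        Report("CustomBinding(elements)", BuildFromElements(TimeSpan.FromMinutes(10))); // assumed value
    }
}
```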