如何从javascript客户端调用安全的WCF Rest服务？

Question

这应该很简单但我无法找到解决方案。 是否可以从javascript客户端调用安全的wcf服务？  我有运行安全的WCF Rest服务。我已经使用makecert.exe添加了一个.X509证书给iy。我在IIS上托管了我的服务，并且已将证书添加到我的服务中。

我有一个用于调用该服务的javascript客户端。现在，当我点击服务时，我得到了错误： https：/192.168.0.5/Rest/net :: ERR_INSECURE_RESPONSE 。

如何让我的javascript客户端访问该服务？ 这是我的服务的web.config：

   <system.serviceModel>
        <services>
          <service name="RestDemo.RestDemo" behaviorConfiguration="serviceBehavior">

            <host>
              <baseAddresses>
                <add baseAddress="https://localhost/RestDemo/RestDemo.svc" />
              </baseAddresses>
            </host>
            <endpoint address="" binding="webHttpBinding" contract="RestDemo.IRestDemo" behaviorConfiguration="web">
              <!--<identity>
                <dns value="localhost"/>
              </identity>-->

            </endpoint>
            <endpoint address="mex" binding="mexHttpsBinding" contract="RestDemo.IRestDemo" />
          </service>
        </services>
        <bindings>

          <webHttpBinding>
            <binding name="web">

              <security mode="Transport">
                <transport clientCredentialType="Certificate" />

              </security>
            </binding>

          </webHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="serviceBehavior">
              <serviceCredentials>
                <clientCertificate>
                  <authentication certificateValidationMode="PeerTrust"
                                 trustedStoreLocation="LocalMachine" />

                </clientCertificate>
                <serviceCertificate findValue="ServerCertificate"
                  storeLocation="LocalMachine"
                  storeName="My"
                  x509FindType="FindBySubjectName" />
              </serviceCredentials>
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" httpsGetUrl="/RestDemo.svc" />
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
          </serviceBehaviors>
          <endpointBehaviors>
            <behavior name="web">

              <webHttp />
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>


**Here is my javascript client:**

 <script type="text/javascript">
        $(document).ready(function () {
            $('#btnCall').click(function () {
                debugger;
                var name = "test";
                $.ajax({
                    type: "GET",
                    //   url: "http://localhost:49620/RestDemo.svc/DoWork/"+name,
                    url: "https://192.168.0.15/Rest/",
                    dataType: "xml",
                    success: function (xml) {
                        alert("success");
                        var xmlText = new XMLSerializer().serializeToString(xml);
                        alert(xmlText);
                    },
                    error: function (xhr) {
                        alert(xhr.responseText);
                        alert("error");
                    }
                });
            });

        });

    </script>

任何建议都会非常感激。