我正在创建一个简单的WCF服务来接收崩溃报告。
该服务将作为控制台程序自托管运行,并且必须在不安装任何证书的情况下运行。
安全方面我需要确保客户端发送的数据仅发送到我们的服务器并且数据不被截获。从服务器的角度来看,我还想确保连接客户端使用特定证书(嵌入在客户端程序集中)以阻止滥用服务。
我创建了一个自签名证书,并计划在客户端程序集中嵌入.cer(包含证书的公共部分),并将包含带私钥的证书的PFX嵌入到服务主机程序程序集中。 (this让我相信我可以使用单一证书。)
我的问题是,无论如何设置,我都会收到以下错误:
“向https://localhost:8080/errorservice发出HTTP请求时发生错误。这可能是因为在HTTPS情况下使用HTTP.SYS未正确配置服务器证书。这也可能是由于客户端和服务器之间的安全绑定不匹配。“
绑定之间不应该不匹配,因为它们是使用相同的代码创建的:
public static BasicHttpBinding CreateStreamingBinding() {
BasicHttpBinding streamBinding = new BasicHttpBinding();
streamBinding.TransferMode = TransferMode.StreamedRequest;
streamBinding.MaxReceivedMessageSize = long.MaxValue;
streamBinding.Security = new BasicHttpSecurity
{
Transport = new HttpTransportSecurity
{
ClientCredentialType = HttpClientCredentialType.None,
ProxyCredentialType =HttpProxyCredentialType.None
},
Mode = BasicHttpSecurityMode.Transport,
};
streamBinding.MaxBufferSize = int.MaxValue;
streamBinding.MessageEncoding = WSMessageEncoding.Mtom;
streamBinding.SendTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
streamBinding.ReceiveTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
return streamBinding;
}
public static BasicHttpBinding CreateStreamingBinding() {
BasicHttpBinding streamBinding = new BasicHttpBinding();
streamBinding.TransferMode = TransferMode.StreamedRequest;
streamBinding.MaxReceivedMessageSize = long.MaxValue;
streamBinding.Security = new BasicHttpSecurity
{
Transport = new HttpTransportSecurity
{
ClientCredentialType = HttpClientCredentialType.None,
ProxyCredentialType =HttpProxyCredentialType.None
},
Mode = BasicHttpSecurityMode.Transport,
};
streamBinding.MaxBufferSize = int.MaxValue;
streamBinding.MessageEncoding = WSMessageEncoding.Mtom;
streamBinding.SendTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
streamBinding.ReceiveTimeout = new TimeSpan( 1, 0, 0, 0, 0 );
return streamBinding;
}
在客户端上,创建服务的代码设置如下(证书位置仅用于测试):
protected ErrorReportingServiceClient CreateClient() {
X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.cer" );
EndpointAddress endpointAddress = new EndpointAddress( new Uri( ReportingServiceUri ));
ErrorReportingServiceClient client = new ErrorReportingServiceClient( CreateStreamingBinding(), endpointAddress );
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
client.ClientCredentials.ClientCertificate.Certificate = cert;
return client;
}
在服务方面,设置如下:
protected ErrorReportingServiceClient CreateClient() {
X509Certificate2 cert = new X509Certificate2( @"C:\certs\reporting.cer" );
EndpointAddress endpointAddress = new EndpointAddress( new Uri( ReportingServiceUri ));
ErrorReportingServiceClient client = new ErrorReportingServiceClient( CreateStreamingBinding(), endpointAddress );
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
client.ClientCredentials.ClientCertificate.Certificate = cert;
return client;
}
非常感谢任何有关如何正确设置此功能的帮助。
答案 0 :(得分:1)