我有一对使用 WCF 的客户端和服务器应用程序,用于将数据从客户端单向传递到服务器,并且必须在自定义绑定中同时使用 HTTPS 和 X509 证书身份验证。在将配置设置为“CertificateOverTransport”并在两端将 requireClientCertificate 设置为 true 之后,客户端在 svclog 中记录了以下异常:
错误的 HTTP 响应:HTTP 请求未经授权,客户端身份验证方案为“Anonymous”(匿名)。
并且服务器端跟踪以下警告:
客户端证书无效,本机错误代码为0x109(有关详细信息,请参阅“链接”)
客户端配置如下:
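<!-- Client-side WCF configuration: one custom HTTPS binding, one endpoint that
     uses it, and an endpoint behavior that supplies the client certificate. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="myCustomHttpsBinding"
               sendTimeout="00:00:10"
               openTimeout="00:00:10"
               receiveTimeout="00:00:10">
        <reliableSession />
        <!-- CertificateOverTransport: the client certificate is carried in the
             SOAP message as a supporting token, while the HTTPS transport
             protects the channel and authenticates the service. -->
        <security authenticationMode="CertificateOverTransport"
                  requireSecurityContextCancellation="true" />
        <!-- authenticationScheme="Anonymous" means no HTTP-level scheme
             (Basic, NTLM, ...) is used. requireClientCertificate="true" adds a
             client certificate to the TLS handshake as well, so the same
             certificate is checked at the transport layer and at the message
             layer. -->
        <httpsTransport authenticationScheme="Anonymous"
                        requireClientCertificate="true" />
      </binding>
    </customBinding>
  </bindings>
  <client>
    <endpoint address="https://serverAdrress:port/"
              behaviorConfiguration="SSLBehavior"
              binding="customBinding"
              bindingConfiguration="myCustomHttpsBinding"
              contract="MyContract"
              name="endpointName" />
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="SSLBehavior">
        <clientCredentials>
          <!-- FindBySubjectName is a substring match and can select more than
               one certificate; FindByThumbprint pins exactly one. The process
               identity also needs read access to this certificate's private
               key in the LocalMachine\My store. -->
          <clientCertificate findValue="CertSubject"
                             storeLocation="LocalMachine"
                             x509FindType="FindBySubjectName"
                             storeName="My" />
          <serviceCertificate>
            <!-- PeerOrChainTrust accepts the service certificate if it is in
                 the Trusted People store OR chains to a trusted root; either
                 condition alone is sufficient. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>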
服务器端配置如下:
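<!-- Server-side WCF configuration: the same custom HTTPS binding as the
     client, one service endpoint, and a service behavior that supplies the
     service certificate and the client-certificate validation settings. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="myCustomHttpsBinding"
               sendTimeout="00:00:10"
               openTimeout="00:00:10"
               receiveTimeout="00:00:10">
        <reliableSession />
        <!-- CertificateOverTransport: the client certificate arrives in the
             SOAP message as a supporting token; HTTPS protects the channel. -->
        <security authenticationMode="CertificateOverTransport"
                  requireSecurityContextCancellation="true" />
        <!-- requireClientCertificate="true" makes the HTTPS listener demand a
             client certificate during the TLS handshake.
             NOTE(review): that transport-level check is presumably done
             against the Windows certificate trust stores before WCF sees the
             request, so the certificateValidationMode below may not relax it;
             confirm that the client certificate's issuer is trusted on this
             machine. -->
        <httpsTransport authenticationScheme="Anonymous"
                        requireClientCertificate="true" />
      </binding>
    </customBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="ServiceConfig"
             name="myService">
      <endpoint address="endp1"
                binding="customBinding"
                bindingConfiguration="myCustomHttpsBinding"
                contract="MyContract"
                name="endpointName" />
      <host>
        <baseAddresses>
          <add baseAddress="https://serverAdrress:port/" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceConfig">
        <serviceCredentials>
          <clientCertificate>
            <!-- FindBySubjectName is a substring match and can select more
                 than one certificate; FindByThumbprint pins exactly one. -->
            <certificate findValue="CertSubject"
                         storeLocation="LocalMachine"
                         x509FindType="FindBySubjectName"
                         storeName="My" />
            <!-- PeerOrChainTrust accepts a client certificate if it is in the
                 Trusted People store OR chains to a trusted root; either
                 condition alone is sufficient. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </clientCertificate>
          <!-- The service account needs read access to this certificate's
               private key in the LocalMachine\My store. -->
          <serviceCertificate findValue="CertSubject"
                              storeLocation="LocalMachine"
                              x509FindType="FindBySubjectName"
                              storeName="My" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>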