我有一个WCF服务,我想使用传输安全性和客户端证书进行配置。我在本地IIS实例上工作,但在Azure Web App中配置它时遇到了麻烦。
以下是来自web.config的som片段:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<behavior name="ApiBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<certificate
findValue="<Thumbprint>"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindByThumbprint" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<wsHttpBinding>
<binding name="apiBindingSecure" textEncoding="utf-8">
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="ApiService" behaviorConfiguration="ApiBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="apiBindingSecure" contract="IApiService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
当我调用该服务时,我收到以下错误:
服务'SslRequireCert'的SSL设置与IIS'无'的SSL设置不匹配。
我发现在IIS中这与SSL设置有关 - &gt;客户证书 - &gt;接受设置:IIS SSL seettings
但是在Azure中,必须通过web.config设置来完成:
<location path="BdoApiService.svc" >
<system.webServer>
<security>
<access sslFlags="SslRequireCert,SslNegotiateCert" />
</security>
</system.webServer>
</location>
我尝试了不同的设置组合:“Ssl”; “SSL,SslRequireCert,SslNegotiateCert”; “SslNegotiateCert”等。
但是当我设置sslFlags时,我总是在浏览器中收到以下错误:
由于发生内部服务器错误,无法显示页面。
我能做些什么才能让它发挥作用?