带证书认证的传输安全性

时间:2010-11-02 23:14:17

标签: wcf ssl ssl-certificate transport-security

访问我的webservice localhost / MyService / MyService.svc时出现以下错误

  

服务'SslRequireCert'的SSL设置与IIS的Ssl,SslNegotiateCert'的SSL设置不匹配。

我遵循http://msdn.microsoft.com/en-us/library/ms731074.aspx

中指定的web.config示例

这是我的wcf服务器web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <appSettings />
  <system.web>
    <identity impersonate="false" />
    <roleManager enabled="true" />
    <authentication mode="Windows" />
    <customErrors mode="Off" />
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
  </system.web>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" roles="" />
      </authorization>
    </security>
  </system.webServer>
  <system.serviceModel>
    <services>
      <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
        <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="True" />
          <serviceMetadata />
          <serviceCredentials>
            <clientCertificate>
              <authentication trustedStoreLocation="LocalMachine"
                               revocationMode="Online"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="CertificateWithTransportWSHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

我按如下方式配置了IIS:

  • 使用自签名证书添加https绑定
  • 在SSL设置下,检查需要SSL并接受客户端证书
  • 自签名证书已添加到“本地计算机受信任的根CA”。

我可以浏览并执行.asmx服务定义,但.svc给出了上述错误。

3 个答案:

答案 0 :(得分:1)

尝试注释掉你的mex端点。这应该让它工作

答案 1 :(得分:0)

这是过程

  1. 在IIS中创建自签名证书。
  2. 在IIS中创建网站。
  3. 将网站设置为需要SSL。
  4. 当您在绑定中选择https协议时,IIS 7中的故障将不允许您指定站点的主机名。有正确设置此绑定主机名的说明here
  5. 在您的网络配置中,将其修改为

    <wsHttpBinding> 
       <binding name="CertificateWithTransportWSHttpBinding"> 
           <security mode="Transport"> 
              <transport clientCredentialType="none" /> 
           </security> 
       </binding> 
    </wsHttpBinding>
    
    
    <serviceBehaviors>  
       <behavior name="MyServiceBehavior">  
          <serviceDebug includeExceptionDetailInFaults="True" />  
             <serviceMetadata />   
       </behavior>  
    </serviceBehaviors>  
    
  6. 在您的MEX端点设置binding =“wsHttpsBinding”

  7. 如果您执行上述所有操作,则应启动并运行SSL WCF服务。

答案 2 :(得分:0)

我正在敲打这个问题至少2-3个小时,忽略了上面关于评论你的mex终点的回应。

这证明是我的答案所以只是想重新执行上面的答案。请参阅上面帖子中步骤7底部的评论:

http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorisation-with-wcf-in-development-environments.aspx