How do I create a client to an endpoint on Azure Websites using the uploaded certificate?

Time: 2017-02-02 22:52:07

Tags: wcf azure-web-sites client-certificates

I have a WCF service running on a server. I created a self-signed certificate, and my service references it as follows:

<behaviors>
  <serviceBehaviors>
    <behavior name="KeypadBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <serviceCertificate findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

My ASP.NET web application needs to create a client for the Admin endpoint:

    <client>
        <endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Client"
          binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad"
          contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
        <endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Admin" binding="wsHttpBinding"
          bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged"
          name="WSHttpBinding_IKeypadPrivilleged">
            <identity>
                <certificate encodedValue="a very long unique string" />
            </identity>
        </endpoint>
    </client>

On the VM, I can create a client for the Admin endpoint.

I am trying to migrate my application to an Azure Web App. I uploaded the same certificate in the portal. The WCF service would not start, and it took me some time before I tried setting the location and store values:

      <serviceCredentials>
        <serviceCertificate storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName" />
      </serviceCredentials>

The service now shows its welcome page. The problem I have now is that whichever client configuration I try (see attempts A, B, C and D), any attempt to create a client throws an RTE.

<client>
  <endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Client"
    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad"
    contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
  <endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Admin"
    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypadPrivilleged"
    contract="TTAHttp.IKeypadPrivilleged" name="WSHttpBinding_IKeypadPrivilleged">
    <identity>

      <!-- Option A -->
      <!--<certificate encodedValue="a very long unique string" />-->

      <!-- Option B -->
      <!--<certificate encodedValue="a very long unique string" />
      <certificateReference
          findValue="SELFHOSTTESTCert"
          storeLocation="CurrentUser"
          storeName="My"
          x509FindType="FindBySubjectName"/>-->

      <!-- Option C -->
      <!--<certificateReference findValue="my thumbprint" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>-->

      <!-- Option D -->
      <!--<certificateReference storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>-->

    </identity>
  </endpoint>
</client>

How do I create a client to the endpoint on the Azure website using the uploaded certificate?

Stack trace:

    Server stack trace:
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
       at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
       at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
       at System.ServiceModel.Channels.ClientReliableChannelBinder`1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode)
       at System.ServiceModel.Channels.ClientReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
       at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
       at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ReliableRequestSessionChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at TTAHttp.IKeypadPrivilleged.ClearTokens(String MeetingID)
       at LaunchTeamTimeClient.Page_Load(Object sender, EventArgs e)

1 Answer:

Answer 0 (score: 0)

It looks like you need to add WEBSITE_LOAD_CERTIFICATES with the certificate's thumbprint to the Web App's app settings. If that is the case, try adding it by following the blog post Using Certificates in Azure Websites Applications. The following is excerpted from the blog.

Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. You can have multiple comma-separated thumbprint values, or can set this value to "*" (without quotes), in which case all your certificates will be loaded into your web application's personal certificate store.
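The question's config (both the serviceCertificate and the certificateReference attempts) and the answer's app setting both depend on the same thing: the uploaded certificate actually being present in the worker process's CurrentUser\My store. The following C# diagnostic is an added example, not code from the question, the answer or the linked blog; run it from inside the Web App (a scratch page or a WebJob) after setting WEBSITE_LOAD_CERTIFICATES to confirm what the process can see. The class name CertificateProbe, the helper names and the all-zero thumbprint are placeholders of mine; the thumbprint must be replaced with the one entered in the app setting.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the question or the answer). Checks whether the
// certificate uploaded in the portal is visible to the Web App process once
// WEBSITE_LOAD_CERTIFICATES has been set.
public static class CertificateProbe
{
    // Assumed placeholder: put the thumbprint you entered in WEBSITE_LOAD_CERTIFICATES here.
    public const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

    // Thumbprints copied from the portal or certmgr often carry spaces or invisible
    // characters; the store lookup needs the bare 40 hex digits, uppercase.
    public static string NormalizeThumbprint(string raw)
    {
        var hex = new string(raw.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (hex.Length != 40)
            throw new ArgumentException($"Expected 40 hex digits after cleanup, got {hex.Length}: '{raw}'");
        return hex;
    }

    // App Service loads uploaded certificates into CurrentUser\My of the worker process,
    // which is why storeLocation="CurrentUser" storeName="My" is the pairing that can work
    // in both the serviceCertificate and certificateReference elements.
    public static X509Certificate2 FindUploadedCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly must be false: a self-signed certificate (or one whose issuer the
            // sandbox does not trust) fails chain validation and would be filtered out,
            // which is indistinguishable from "not loaded at all".
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, NormalizeThumbprint(thumbprint), validOnly: false);
            return matches.Count == 0 ? null : matches[0];
        }
    }

    // Summarises what the worker process can see, so the output can be compared with
    // the thumbprint(s) listed in WEBSITE_LOAD_CERTIFICATES.
    public static string Report(string thumbprint)
    {
        var setting = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
        var lines = new System.Text.StringBuilder();
        lines.AppendLine(setting == null
            ? "WEBSITE_LOAD_CERTIFICATES is not set: App Service will not load any uploaded certificate."
            : $"WEBSITE_LOAD_CERTIFICATES = {setting}");

        var cert = FindUploadedCertificate(thumbprint);
        if (cert == null)
        {
            lines.AppendLine($"No certificate with thumbprint {NormalizeThumbprint(thumbprint)} in CurrentUser\\My.");
            return lines.ToString();
        }
        lines.AppendLine($"Found: Subject={cert.Subject}");
        // The service side (serviceCertificate) needs the private key; the client's
        // certificateReference only needs the public part, so HasPrivateKey=false is
        // only a problem for the service host.
        lines.AppendLine($"HasPrivateKey={cert.HasPrivateKey}, NotAfter={cert.NotAfter:u}");
        return lines.ToString();
    }

    public static void Main()
    {
        Console.WriteLine(Report(ExpectedThumbprint));
    }
}
```

The app setting itself can be set from the portal or with the Azure CLI, for example `az webapp config appsettings set --resource-group <rg> --name <app> --settings WEBSITE_LOAD_CERTIFICATES=<thumbprint>`. If the report shows the setting present but no match in the store, compare the normalized thumbprint with the one the portal displays for the uploaded certificate; if it shows a match but the WCF client still fails, the remaining difference between the VM and the Web App is on the security negotiation side (the trace ends in TlsnegoTokenProvider), not in certificate loading.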