WCF使用成员资格提供程序保护,但获取证书错误

时间:2011-02-18 13:53:59

标签: c# .net asp.net wcf security

我已经创建了一个自定义成员资格提供程序,我正在尝试使用它来保护我的WCF服务。但是,我收到了这个错误:

The service certificate is not provided. Specify a service certificate in ServiceCredentials.

我不想使用x509证书。我怎样才能使这个工作?

这是我的服务配置:

<?xml version="1.0"?>

                                           

<bindings>
  <wsHttpBinding>
    <binding name="wsHttpBinding1" maxBufferPoolSize="2147483647"
      maxReceivedMessageSize="2147483647">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
        maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="Message">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service name="UpdateService.UpdateService" behaviorConfiguration="ASPNETProviders">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding1"
      contract="UpdateService.IUpdateService" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ASPNETProviders">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="myUpdateMembershipProvider"/>            
      </serviceCredentials>
    </behavior>
    <behavior>          
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true" />
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
  multipleSiteBindingsEnabled="true" />

          

更新

此博客文章enter link description here说:

[When] you opt in for the UserName client credential type, WCF insists that your service must also reference a service certificate that contains a private key.

我将在IIS中托管我的服务,并计划在网站中使用SSL证书来加密通信。我可以让WCF不坚持我引用服务证书吗?

2 个答案:

答案 0 :(得分:1)

It seems that Microsoft really, really wants me to use a certificate.

有人根据我的情况制定了Clear Username Binding,但我想我可能会投降并使用证书。

答案 1 :(得分:0)

您是否尝试创建自定义凭据验证程序?请参阅:http://nayyeri.net/custom-username-and-password-authentication-in-wcf-3-5

相关问题
最新问题