我有一个WCF服务和一个连接到该服务的客户端应用程序。
WCF服务在IIS 10中本地托管。WCF服务使用HTTPS。客户端应用程序也在本地运行。
我收到的错误是:HTTP 错误 403.16 - 禁止访问。您的客户端证书不受信任或无效。Web 服务器不信任此请求所使用的客户端证书。
尝试在Web浏览器中查看服务后发生此错误。
问题
以下是我到目前为止为使其正常运行所采取的步骤:
我通过Powershell使用以下命令在本地计算机上创建了服务证书和客户端证书:
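# Create the service certificate in the local machine's Personal (My) store, valid for ten years.
# A certificate created this way is its own issuer. Chain-based validation accepts it only
# once it (or a test root that signed it, see the -Signer parameter) is trusted as a root
# on the machine doing the validation.
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "WcfServerTestCert" -FriendlyName "WcfServerTestCert" -NotAfter (Get-Date).AddYears(10)

# Create the client certificate the same way.
# NOTE(review): -DnsName reads "WcClientTestCert" (no "f"), while -FriendlyName and the
# client configuration's findValue read "WcfClientTestCert". The subject is taken from
# -DnsName when -Subject is not given, so a FindBySubjectName lookup for
# "WcfClientTestCert" may not find this certificate. Confirm which name was actually used.
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "WcClientTestCert" -FriendlyName "WcfClientTestCert" -NotAfter (Get-Date).AddYears(10)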
创建上述证书时,我参考了这篇文章:How to create self-signed certificates in Windows 10
我运行MMC时,证书已添加到“本地计算机”下的“个人”存储中。
这是Web服务/服务器的配置:
<?xml version="1.0"?>
<!-- Service-side configuration: one wsHttpBinding endpoint and one metadata (mex)
     endpoint, both addressed over HTTPS on localhost. -->
<configuration>
  <system.web>
    <!-- debug="true" enables debug compilation. Switch it off for anything other than
         local development. -->
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="XXX.Zoo.WebServices.ZooServices_3_0"
               behaviorConfiguration="ZooServices_3_0_Behavior">
        <!-- Application endpoint, secured by the binding configuration below. -->
        <endpoint address="https://localhost/Zootest_3_0/ZooServices_3_0.svc"
                  binding="wsHttpBinding"
                  bindingConfiguration="ZooServices_3_0_Binding"
                  contract="XXX.Zoo.WebServices.IZooServices_3_0" />
        <!-- Metadata exchange endpoint. It describes the full contract to any caller
             that can reach the URL. -->
        <endpoint address="https://localhost/Zootest_3_0/ZooServices_3_0.svc/mex"
                  binding="mexHttpsBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <!-- Every size quota here is 2147483647 or one below it, so the binding puts no
             practical limit on message size or reader depth. Sizing the quotas to the
             largest message the service expects bounds the memory one request can use. -->
        <binding name="ZooServices_3_0_Binding"
                 maxReceivedMessageSize="2147483647"
                 maxBufferPoolSize="2147483647">
          <readerQuotas maxDepth="2147483647"
                        maxStringContentLength="2147483646"
                        maxArrayLength="2147483647"
                        maxBytesPerRead="2147483647"
                        maxNameTableCharCount="2147483647" />
          <!-- TransportWithMessageCredential: HTTPS protects the channel, and the client
               certificate travels inside the SOAP message (message
               clientCredentialType="Certificate"), not in the TLS handshake (transport
               clientCredentialType="None").
               NOTE(review): HTTP 403.16 is an IIS response about a TLS client certificate,
               so it is raised before this binding is consulted. The site's SSL Settings for
               client certificates and the machine's trusted root store are the places to
               check. -->
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ZooServices_3_0_Behavior">
          <!-- Service metadata is published over HTTPS at the service address. -->
          <serviceMetadata httpsGetEnabled="true"
                           httpsGetUrl="https://localhost/Zootest_3_0/ZooServices_3_0.svc" />
          <!-- Exception details are kept out of the faults returned to callers. -->
          <serviceDebug includeExceptionDetailInFaults="False" />
          <!-- serviceCredentials names the certificate the service uses to authenticate
               itself to clients and to protect messages, and sets how client
               certificates are validated. -->
          <serviceCredentials>
            <!-- FindBySubjectName matches on part of the subject name, so a second
                 certificate with a similar subject in LocalMachine\My makes the lookup
                 ambiguous. FindByThumbprint pins exactly one certificate. -->
            <serviceCertificate findValue="WcfServerTestCert"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
            <clientCertificate>
              <!-- ChainTrust accepts a client certificate only when its chain ends at a
                   root this machine trusts. A self-signed certificate has no issuing CA,
                   so it validates only if that certificate itself is trusted as a root. -->
              <authentication certificateValidationMode="ChainTrust" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
这是客户端的配置文件(客户端应用程序配置):
<?xml version="1.0"?>
<configuration>
<configSections />
<!-- No custom configuration sections are declared above. -->
<appSettings>
  <!-- User application and configured property settings go here. -->
  <!-- Example: <add key="settingName" value="settingValue"/> -->
  <add key="txtMessageXml.AutoSize" value="True" />
  <!-- Left empty: no client settings service URI is configured. -->
  <add key="ClientSettingsProvider.ServiceUri" value="" />
</appSettings>
<startup>
  <!-- The client targets the .NET Framework 4.0 runtime. -->
  <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
<system.web>
  <!-- Client application services providers. Both carry serviceUri="", so no remote
       authentication or role service is configured here. -->
  <membership defaultProvider="ClientAuthenticationMembershipProvider">
    <providers>
      <add name="ClientAuthenticationMembershipProvider"
           type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           serviceUri="" />
    </providers>
  </membership>
  <!-- NOTE(review): cacheTimeout="86400" is presumably in seconds (one day); confirm.
       A long role cache delays the effect of a role change on this client. -->
  <roleManager defaultProvider="ClientRoleProvider" enabled="true">
    <providers>
      <add name="ClientRoleProvider"
           type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           serviceUri=""
           cacheTimeout="86400" />
    </providers>
  </roleManager>
</system.web>
<system.serviceModel>
  <client>
    <!-- Single client endpoint. It uses the wsHttpBinding configuration and the
         endpoint behavior defined below. -->
    <endpoint address="https://localhost/zootest_3_0/ZooServices_3_0.svc"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IZooServices_3_0"
              contract="ZooServices_3_0.IZooServices_3_0"
              name="WSHttpBinding_IZooServices_3_0"
              behaviorConfiguration="ZooServices_3_0_Behavior" />
  </client>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IZooServices_3_0">
        <!-- HTTPS protects the channel. The client certificate is sent as a message
             credential, and no client certificate is configured for the TLS handshake
             (transport clientCredentialType="None"). -->
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None" />
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ZooServices_3_0_Behavior">
        <!-- clientCredentials names the certificate this client presents to the
             service to authenticate itself and to provide message integrity. -->
        <clientCredentials>
          <!-- Looked up in LocalMachine\My by subject name. The account running the
               client needs read access to the certificate's private key.
               NOTE(review): the PowerShell command shown for the client certificate uses
               -DnsName "WcClientTestCert" (no "f"). If that is the real subject, this
               lookup for "WcfClientTestCert" will not match it. -->
          <clientCertificate findValue="WcfClientTestCert"
                             storeLocation="LocalMachine"
                             storeName="My"
                             x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <!-- ChainTrust: the service certificate must chain to a root this machine
                 trusts. A self-signed service certificate passes only if it is itself
                 trusted as a root. -->
            <authentication certificateValidationMode="ChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>