Passing ClientCredentials.UserName to the server

Time: 2011-06-30 11:32:40

Tags: wcf web-services soap wcf-binding

Web config:

<?xml version="1.0"?>
<configuration>
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceCredentialsBehavior">
                <serviceCredentials>
                    <serviceCertificate findValue="cool" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                </serviceCredentials>
                <serviceMetadata httpGetEnabled="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="MessageAndUserName">
                <security mode="Message">
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client/>
</system.serviceModel>
<system.web>
    <compilation debug="true"/>
</system.web>
</configuration>

Client cfg:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IService" >
                <security mode="Message">
                    <message clientCredentialType="UserName" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:48097/WCFServer/Service.svc"
                  binding="wsHttpBinding"
                  bindingConfiguration="WSHttpBinding_IService"
                  contract="ServiceReference1.IService"
                  name="WSHttpBinding_IService">
            <identity>
                <dns value ="cool" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
</configuration>

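The scope is to pass ClientCredentials.UserName.UserName / Password over a secure connection. I made the X.509 certificate with Pluralsight SelfCert.

The error is:

SOAP security negotiation with 'http://localhost:48097/WCFServer/Service.svc' for target 'http://localhost:48097/WCFServer/Service.svc' failed. See inner exception for more details.

InnerException:

The X.509 certificate CN=cool chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

How can I fix this exception? Regards,
Sergiu.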

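1 answer:

Answer 0: (score: 4)

You are using a self-signed certificate, which is not trusted by default. You must tell your client application that it should trust the certificate: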

<behaviors>
  <endpointBehaviors>
    <behavior name="LocalCertValidation">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="PeerTrust" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

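Reference this behavior in the client's endpoint configuration with behaviorConfiguration="LocalCertValidation". To make this work, you must install the public certificate into the current user's certificate store under Trusted People. You can also set the validation mode to None, and the certificate will not be validated at all, but that should only be used in a development environment.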
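
The same PeerTrust setting applied in code, together with the user name credentials from the question and an up-front check that the certificate really is in the Trusted People store. This is an added example, not part of the original question or answer. The `Ping` operation and the credential values are hypothetical placeholders; the endpoint name, contract name and subject name "cool" are taken from the configs above.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace ServiceReference1
{
    // Hypothetical stand-in for the generated contract; the page does not show its operations.
    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        string Ping();
    }
}

static class Program
{
    // PeerTrust only accepts certificates present in TrustedPeople, so check the store first.
    // FindBySubjectName is a substring match; validOnly is false because a self-signed
    // certificate has no trusted chain and would otherwise be filtered out.
    static bool IsInTrustedPeople(string subjectName)
    {
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            return store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false).Count > 0;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        if (!IsInTrustedPeople("cool"))
        {
            Console.Error.WriteLine("Certificate 'cool' is not in CurrentUser\\TrustedPeople; PeerTrust will reject it.");
            return;
        }
        // Endpoint name from the client config; credentials must be set before CreateChannel.
        var factory = new ChannelFactory<ServiceReference1.IService>("WSHttpBinding_IService");
        factory.Credentials.UserName.UserName = "demo-user";      // placeholder value
        factory.Credentials.UserName.Password = "demo-password";  // placeholder value
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
        auth.TrustedStoreLocation = StoreLocation.CurrentUser;
        var channel = factory.CreateChannel();
        Console.WriteLine(channel.Ping());
        ((IClientChannel)channel).Close();
        factory.Close();
    }
}
```

With PeerTrust the client accepts only certificates explicitly placed in Trusted People, so the self-signed certificate is pinned rather than validation being switched off as it is with None.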