网络配置:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceCredentialsBehavior">
<serviceCredentials>
<serviceCertificate findValue="cool" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MessageAndUserName">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client/>
</system.serviceModel>
<system.web>
<compilation debug="true"/>
</system.web>
客户cfg:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService" >
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:48097/WCFServer/Service.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IService"
contract="ServiceReference1.IService"
name="WSHttpBinding_IService">
<identity>
<dns value ="cool" />
</identity>
</endpoint>
</client>
</system.serviceModel>
范围是通过安全连接传递ClientCredentials.UserName.UserName / Password。 我用复数自我证书做了x509证书..
错误是:
使用'http:// localhost:48097 / WCFServer / Service.svc'进行SOAP安全协商 为了目标 的 'http://本地主机:48097 / WCFServer / Service.svc' 失败。请参阅内部异常了解更多信 的信息。
的InnerException:
X.509证书CN =酷链 建筑失败了。证书即 使用的是一个不能的信任链 被核实。替换证书 或改变 certificateValidationMode。一个 证书链处理,但 终止于根证书中 信任提供商不信任。
我该如何解决这个例外?
问候,
的Sergiu。
答案 0 :(得分:4)
您使用的是自签名证书,默认情况下不受信任。您必须告诉您的客户端应用程序它应该信任该证书:
<behaviors>
<endpointBehaviors>
<behavior name="LocalCertValidation">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
通过behaviorConfiguration="LocalCertValidation"
在客户端的端点配置中引用此行为。要使其工作,您必须将公共证书安装到受信任人员下的当前用户的认证商店。您还可以将验证模式设置为None
,并且根本不会验证证书,但只应在开发环境中使用。