我创建了一个应用程序,让机器在网络上相互通信。我想使用NetTCPBinding并加密消息。但是我不想要或不需要证书或Windows身份验证。我尝试将安全模式设置为Message以获取加密和传输安全性,以避免证书/ Windows身份验证,但我仍然得到:
System.ServiceModel.Security.SecurityNegotiationException:调用者 没有通过该服务进行身份验证。 ---> System.ServiceModel.FaultException:安全令牌的请求 无法满足,因为身份验证失败。
以下是相关代码:
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
答案 0 :(得分:4)
此问题的答案有效:selfhosting wcf server - load certificate from file instead of certificate store
我的代码:
var certificate = new X509Certificate2("cert.pfx", "");
host = new ServiceHost(MessageProvider, address);
host.Credentials.ServiceCertificate.Certificate = certificate;
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
host.AddServiceEndpoint(typeof(IService), binding, address);
host.Open();
答案 1 :(得分:1)
我认为这正是您所寻找的: Message Security with an Anonymous Client 。我想你的问题是你的服务没有在服务器端指定证书:
初始协商需要服务器身份验证,但不需要客户端身份验证
因此,在实例化服务时,尝试执行类似(来自MSDN)的操作:
myServiceHost.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
"00000000000000000000000000000000");