我正在尝试让WCF服务器和客户端使用BasicHttpBinding在传输级别上使用SSL证书相互进行身份验证。以下是创建服务器的方式:
var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" };
soapBinding.Security.Mode = BasicHttpSecurityMode.Transport;
soapBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Certificate;
var sh = new ServiceHost(typeof(Service1), uri);
sh.AddServiceEndpoint(typeof(IService1), soapBinding, "");
sh.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName, "localhost");
sh.Open();
这是客户:
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
var service = new ServiceReference2.Service1Client(binding,
new EndpointAddress("https://localhost:801/Service1"));
service.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName, "localhost");
service.ClientCredentials.ServiceCertificate.Authentication.
CertificateValidationMode =
System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
service.HelloWorld();
localhost的证书位于Personal,Trusted Root和Trusted 3rd Party容器中。 Internet Explorer可以连接到主机并查看WSDL。此外,SSL调用可以正常使用ClientCredentialType = HttpClientCredentialType.None
HelloWorld()失败:
System.ServiceModel.Security.MessageSecurityException occurred<br/>
Message="The HTTP request was forbidden with client authentication
scheme 'Anonymous'."
这是一个重新抛出的异常:“远程服务器返回错误:(403)禁止。”
如何解决wtf的问题?
答案 0 :(得分:9)
在设置Security.Mode:
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;