自定义WS绑定错误:未为目标“xxx”提供服务证书。在ClientCredentials中指定服务证书

时间:2011-12-18 17:16:28

标签: wcf custom-binding

我正在尝试使用ClientCredentialType设置为“None”来实现具有压缩和消息安全性的自定义WS绑定。该服务已配置并成功运行。我还设法配置客户端并成功运行它。但是,我需要以编程方式设置客户端,因此当我尝试将客户端配置转换为代码时,我收到错误“没有为目标'xxx'提供服务证书。在ClientCredentials中指定服务证书。 我正在使用自动生成的代理客户端,我已按照建议覆盖客户端构造函数并直接在ClientCredentials或客户端端点行为中指定服务证书 CertificateValidationMode ,但仍然没有运气。

感谢您解决此问题的任何帮助。作为参考,我在下面包括配置及其代码翻译。

客户端配置:

<system.serviceModel>
 <bindings>
  <customBinding>
    <binding name="customWSBinding" sendTimeout="00:15:00">
      <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
      </security>
      <gzipMessageEncoding innerMessageEncoding="textMessageEncoding"/>
      <httpTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False"
                      maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
                      authenticationScheme="Anonymous" bypassProxyOnLocal="False" realm="" useDefaultWebProxy="True"/>
    </binding>
  </customBinding>
 </bindings>
 <client>
  <endpoint address=""
    binding="customBinding"
    bindingConfiguration="customWSBinding"
    behaviorConfiguration="ClientBehavior"
    contract="IService"
    name="ServiceEndpoint">
    <identity>
      <dns value="contoso.com"/>
    </identity>
  </endpoint>
 </client>
 <behaviors>
  <endpointBehaviors>
    <behavior name="ClientBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None"/>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
 </behaviors>
</system.serviceModel>

等效代码:

SecurityBindingElement securityElement =   SecurityBindingElement.CreateSecureConversationBindingElement(SecurityBindingElement.CreateAnonymousForCertificateBindingElement());
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

GZipMessageEncodingBindingElement encodingElement = new GZipMessageEncodingBindingElement();
TextMessageEncodingBindingElement txtMsgBE = new TextMessageEncodingBindingElement();
encodingElement.InnerMessageEncodingBindingElement = txtMsgBE;

HttpTransportBindingElement httpTransportElement = new HttpTransportBindingElement();
httpTransportElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpTransportElement.ManualAddressing = false;
httpTransportElement.MaxReceivedMessageSize = Int32.MaxValue;
httpTransportElement.MaxBufferSize = Int32.MaxValue;
httpTransportElement.MaxBufferPoolSize = Int32.MaxValue;
httpTransportElement.AuthenticationScheme = AuthenticationSchemes.Anonymous;
httpTransportElement.BypassProxyOnLocal = false;
httpTransportElement.UseDefaultWebProxy = true;

System.ServiceModel.Channels.Binding binding = new CustomBinding(securityElement, encodingElement, httpTransportElement);
binding.SendTimeout = TimeSpan.FromMinutes(15);

EndpointAddress address = new EndpointAddress(new Uri(svcURL),    EndpointIdentity.CreateDnsIdentity("contoso.com"));

ServiceClient svcClient = new ServiceClient(binding, address);

重写的代理客户端:

public ServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress)
:base (binding, remoteAddress)
{
    System.ServiceModel.Description.ClientCredentials cc = new System.ServiceModel.Description.ClientCredentials();
    cc.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

    base.Endpoint.Behaviors.RemoveAt(1);
    base.Endpoint.Behaviors.Add(cc);
}

1 个答案:

答案 0 :(得分:0)

CreateAnonymousForCertificateBindingElement()方法为匿名客户端身份验证和基于证书的服务身份验证提供绑定元素。因此,如果要求服务证书。