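I created a WCF service and hosted it in IIS (7.5), and it works fine. I now want to add username authentication, and I've run into some problems. The configuration file looks like this: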
<system.serviceModel>
  <services>
    <service behaviorConfiguration="warServBehavior" name="WcfServiceLibrary.WarcraftService">
      <endpoint address="" binding="wsHttpBinding" contract="WcfServiceLibrary.IWarcraftService" bindingConfiguration="warWsHttpBinding" />
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="warWsHttpBinding">
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"/>
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="warServBehavior">
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials>
          <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BogusValidator, App_Code"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
Regarding the certificate, I did the following (inspired by MSDN):
1) makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer
2) Added it to "Trusted Root Certification Authorities"
In IIS, I added a binding for https, and in Server Certificates I have:
When I run svcutil https://localhost/WarcraftServiceSite/WarService.svc, I get this exception: "There was an error downloading https://localhost/WarcraftServiceSite/WarService.svc. The underlying connection was closed.Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure."
Later edit: it seems the correct way to call svcutil is with http rather than https, even though I have <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
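Answer 0 (score: 2)
Since this is only a test certificate, you can add the following to the client to make it work. When you get a production certificate from verisign etc., you won't need this. Reference and add usings for the following - System.Net, System.Net.Security, System.Security.Cryptography.X509Certificates;
Use the ServicePointManager class and add a handler to ServerCertificateValidationCallback:
ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate;
Then the handler implementation: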
private static bool RemoteCertificateValidate(
    object sender, X509Certificate cert,
    X509Chain chain, SslPolicyErrors error)
{
    // trust any certificate
    return true;
}
Hook up the handler somewhere before using the proxy. Remember that this code and the makecert certificate should be used for testing only.
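
A narrower test-only variant of the handler in the answer above, given here as an added example that is not part of the original answer: instead of trusting any certificate, it accepts only the one makecert test certificate by thumbprint and is wired up only in DEBUG builds. The class name `TestCertificatePin`, the thumbprint placeholder and the DEBUG-only wiring are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original answer).
public static class TestCertificatePin
{
    // Placeholder: replace with the SHA-1 thumbprint of the makecert test certificate.
    private const string PinnedThumbprint = "<TEST-CERT-THUMBPRINT>";

    // Calls are compiled out unless DEBUG is defined, so release builds keep default validation.
    [Conditional("DEBUG")]
    public static void Install()
    {
        // The callback is application-wide: it applies to all HttpWebRequest-based HTTPS calls.
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no exception.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;
        // Otherwise accept only the one pinned test certificate.
        return ThumbprintsMatch(cert.GetCertHashString(), PinnedThumbprint);
    }

    public static bool ThumbprintsMatch(string actual, string pinned)
    {
        string a = Normalize(actual), p = Normalize(pinned);
        // A SHA-1 thumbprint is 40 hex digits; anything else (including the placeholder) fails closed.
        return p.Length == 40 && string.Equals(a, p, StringComparison.OrdinalIgnoreCase);
    }

    // Thumbprints copied from the certificate dialog may contain spaces or invisible characters.
    private static string Normalize(string s)
    {
        return new string((s ?? string.Empty).Where(Uri.IsHexDigit).ToArray());
    }
}
```

Call `TestCertificatePin.Install()` before creating the proxy.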