我在IIS上有一个WCF SOAP服务,该服务使用basicHttpBinding,并配置为需要客户端证书:
<basicHttpBinding>
<binding>
<readerQuotas/>
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
我必须从.Net Core 3.1应用程序调用该服务。这是我所拥有的:
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
ChannelFactory<PaymentRequestService> factory = new ChannelFactory<PaymentRequestService>(binding, new EndpointAddress(new Uri(_apiOptions.Value.PaymentRequestServiceEndpoint)));
factory.Credentials.ClientCertificate.Certificate = GetClientCertificate(certBase64, certPass); // X509Certificate2
PaymentRequestService client = factory.CreateChannel();
var rx = client.SavePaymentRequestAsync(myRequest);
当我在调试中检查工厂时,我看到客户端凭据证书(SHA256(在那里,但看起来客户端凭据没有到达Web服务,因为我一直收到HTTP请求被客户端身份验证方案"匿名"禁止
如果我使用BasicHttpSecurityMode.TransportWithMessageCredential或使用factory.Credentials.ClientCertificate.SetCertificate()设置证书,则没有区别
有什么想法吗?
从Windows Server 2012开始,您需要在HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL 中设置SendTrustedIssuerList和ClientAuthTrustMode注册表设置
https://configmgrblog.com/2014/02/23/configmgr-2012-r2-internet-facing-mp-windows-server-2012-r2-note/