How to create a client to an endpoint on an Azure website, authenticating with an uploaded certificate



I have a WCF service running on a server. I created a self-signed certificate, and my service references it as follows:

<behaviors>
<serviceBehaviors>
<behavior name="KeypadBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>

My ASP.NET web application needs to create a client for the Admin endpoint:

<client>
<endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Client"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad"
contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
<endpoint address="http://selfhosttest.example.com/Teamtime/Keypad.svc/Admin" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged"
name="WSHttpBinding_IKeypadPrivilleged">
<identity>
<certificate encodedValue="a very long unique string" />
</identity>
</endpoint>
</client>

On the virtual machine I can create a client that uses the Admin endpoint.

I am trying to migrate my application to an Azure WebApp. I uploaded the same certificate in the portal. The WCF service would not start, and it took me a while before I tried setting the location and store values:

<serviceCredentials>
<serviceCertificate storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName" />
</serviceCredentials>

The service now shows the "welcome page". The problem I have now is that no matter what I try for the client configuration (see attempts A, B, C, D), any attempt to create the client throws an RTE.

<client>
<endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Client" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypad" contract="TTAHttp.IKeypad" name="WSHttpBinding_IKeypad" />
<endpoint address="http://selfhost.example.com/TeamTime/Keypad.svc/Admin" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IKeypadPrivilleged" contract="TTAHttp.IKeypadPrivilleged" name="WSHttpBinding_IKeypadPrivilleged">
<identity>
<!-- Option A -->
<!--<certificate encodedValue="a very long unique string" />-->
<!-- Option B -->
<!--<certificate encodedValue="a very long unique string" />
<certificateReference
findValue="SELFHOSTTESTCert"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName"/>-->
<!-- Option C -->
<!--<certificateReference findValue="my thumbprint" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint"/>-->
<!-- Option D -->
<!--<certificateReference storeLocation="CurrentUser" storeName="My" findValue="SELFHOSTTESTCert" x509FindType="FindBySubjectName"/>-->
</identity>
</endpoint>
</client>

How can I create a client to the endpoint on the Azure website using the uploaded certificate?

Stack trace: Server stack trace: at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout) at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout) at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout) at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout) at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout) at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout) at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout) at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout) at System.ServiceModel.Security.SecuritySessionClientSettings`1. System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel() at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel) at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel) at System.ServiceModel.Channels.ClientReliableChannelBinder`1.RequestReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last) at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout) at System.ServiceModel.Channels.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade) ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at TTAHttp.IKeypadPrivilleged.ClearTokens(String meetingId) at LaunchTeamTimeClient.Page_Load(Object sender, EventArgs e)

It seems you need to add WEBSITE_LOAD_CERTIFICATES with the certificate's thumbprint to the WebApp's application settings. If that is the case, try following the blog "Using Certificates in Azure Websites Applications" to add it. Below is a screenshot from that blog.

Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. You can have multiple comma-separated thumbprint values, or you can set this value to "*" (without quotes), in which case all your certificates will be loaded into your web application's personal certificate store.
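As an added illustration (not code from the question or the answer above): once WEBSITE_LOAD_CERTIFICATES lists the thumbprint, the uploaded certificate appears in the web app's CurrentUser\My store, and a startup check like this hypothetical helper turns the missing-setting case into a readable error instead of the RTE buried in the WCF negotiation stack. The class, method names and the thumbprint/URL parameters are assumptions; the store location and find type mirror the Option C configuration in the question.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper (not from the original post) that locates the uploaded
// certificate where App Service places it once WEBSITE_LOAD_CERTIFICATES
// contains its thumbprint: the CurrentUser\My store of the sandbox.
public static class UploadedCertificate
{
    public static X509Certificate2 FindByThumbprint(string thumbprint)
    {
        // Thumbprints copied from the portal often carry spaces; FindByThumbprint
        // needs the bare hex string, so normalise before searching.
        string normalized = thumbprint.Replace(" ", string.Empty).Trim().ToUpperInvariant();

        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false, because a self-signed certificate does not chain
            // to a trusted root and would otherwise be filtered out.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, normalized, validOnly: false);

            if (found.Count == 0)
            {
                // This is the situation behind the question: without the app setting
                // the uploaded certificate never reaches CurrentUser\My in the web app.
                throw new InvalidOperationException(
                    "Certificate " + normalized + " not found in CurrentUser\\My. " +
                    "Check that WEBSITE_LOAD_CERTIFICATES in the Web App settings contains this thumbprint.");
            }
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }

    // Code equivalent of the <identity><certificate .../></identity> element on the
    // Admin endpoint: the service certificate becomes the endpoint identity the
    // client verifies during the security negotiation.
    public static EndpointAddress AdminEndpoint(string adminUrl, X509Certificate2 serviceCert)
    {
        return new EndpointAddress(new Uri(adminUrl), new X509CertificateEndpointIdentity(serviceCert));
    }
}
```

Calling FindByThumbprint once during application start, before any WCF proxy is created, separates "the certificate is not loaded" from "the negotiation with the service failed", which the original stack trace does not distinguish.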
