我正在开发一项服务,以在WCF中使用基于SSL/TLS凭据的安全性。端点将使用IIS和HTTPS击中。基本的HTTP绑定效果很好,但是一旦我尝试添加凭据,我就会遇到配置错误。我已经花了几天的时间了,并且读了很多文章,但没有成功。
我尝试了
//
背后的代码 public class specificService : myServiceType
{
public static void Configure(ServiceConfiguration configuration)
{
// define https binding (I think it should be BasicHttpsBinding as opposed to BasicHttpBinding which also supports TLS but I am unsure)
var httpsBinding = new BasicHttpsBinding
{
MaxReceivedMessageSize = int.MaxValue,
Security = new BasicHttpsSecurity
{
Mode = BasicHttpsSecurityMode.Transport,
Transport = new HttpTransportSecurity
{
ClientCredentialType = HttpClientCredentialType.Certificate
}
}
};
configuration.AddServiceEndpoint(typeof(myServiceType), httpsBinding, string.Empty);
configuration.Description.Endpoints.Find(typeof(myServiceType))?.EndpointBehaviors.Add(new myNamespace.MyCustomEndpointBehavior());
configuration.Description.Behaviors.Add(new ServiceDebugBehavior { IncludeExceptionDetailInFaults = true });
configuration.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true });
// Do I need to explicitly add my certificate?
X509Certificate2 myCert = ... get cert from local machine store
configuration.Credentials.ServiceCertificate.Certificate = myCert;
}
/* myServiceType interface */
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(Namespace="http://somenamespace", ConfigurationName="someothernamespace.Services.myServiceType")]
public interface myServiceType
{
// CODEGEN: Generating message contract since the operation specificAction is neither RPC nor document wrapped.
[System.ServiceModel.OperationContractAttribute(Action="http://somenamespace/specificAction")]
someothernamespace.Services.specificActionResponse specificAction(someothernamespace.Services.specificAction request);
}
我不断遇到"配置错误",没有太多详细说明我做错了什么。我已经尝试了不同的实现(WSHTTPBINDINGS(,但没有成功。
尽管WCF4.5宣布我们可以通过在服务实施类中使用静态配置方法来设置服务,但建议您在配置文件中配置服务。简洁明了。
//我需要明确添加我的证书吗?
您不需要设置证书,因为运输安全模式需要IIS网站绑定模块中的HTTPS基础地址。
此外,如果您想用证书对客户端进行身份验证,请参考以下链接。
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
我们应该在开始时建立服务器与客户端之间的信任关系,然后客户端应提供服务器信任的证书。由于MakeCert命令行已过时,我建议您使用PowerShell创建一个自签名的证书,并确保客户端和服务器运行时环境在dotnetframwork4.6.2。https://learn.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
https://github.com/dotnet/docs/issues/12000
随时让我知道是否有我可以帮助的。