MutualCertificate：WCF-WCF成功，BizTalk-WCF失败 [英] MutualCertificate: WCF-WCF success, BizTalk-WCF failure

查看：66 发布时间：2019/6/16 10:11:30 biztalkr2adapters

本文介绍了MutualCertificate：WCF-WCF成功，BizTalk-WCF失败的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

Hello All，

我正在尝试使用相互证书进行身份验证（只签署，不加密）。在WCF客户端和IIS 5中运行的WCF服务之间，一切都很成功。但是，在充当客户端（发送端口）的BizTalk（2006 R2）和在IIS 5中运行的WCF服务之间，BizTalk会在服务跟踪日志指示成功时抛出警告消息。来自BizTalk的警告消息是：

适配器无法传输发送到发送端口的消息" SP_ExampleService_CustomSecure"使用URL"http：//ComputerName/ExampleService.Host/MyService.svc"。它将在为此发送端口指定的重试间隔后重新传输。详细信息："System.ServiceModel.Security.MessageSecurityException：'Body'，'http：//www.w3.org/2003/05/soap-envelope'所需的消息部分未加密。

这里奇怪的是，在我的服务合同和运营合同中，我已将保护级别设置为"签署"。如果我将保护级别设置为"EncryptAndSign"......一切正常。以下是重要的配置位：

证书（我意识到这些设置可能有点冗长）：

LocalMachine / My包含两个带私钥的证书。

LocalMachine / TrustedPeople仅包含具有公钥的证书。

LocalMachine / OtherPeople（AddressBook）包含仅带公钥的服务证书。

CurrentUser / My包含带私钥的客户端证书。

CurrentUser / TrustedPeople包含两个仅带公钥的证书。

服务配置：

< system.serviceModel >

< bindings > < wsHttpBinding >

< binding name = " ; WCF_Certs " >

< security mode = " 消息 " >

< 消息 clientCredentialType = " 证书 " establishSecurityContext = " false " negotiateServiceCredential = " false " ; />

< / 安全性 >

< / binding >

< / wsHttpBinding >

< / bindings >

< behavior >

< serviceBehaviors >

< 行为 name = " ExampleService.ServiceImplementation.MyService_Behavior " >

< serviceDebug includeExceptionDetailInFaults = " true " />

< serviceMetadata httpGetEnabled = " true " />

< serviceCredentials >

< clientCertificate >

< 证书 findValue = " < client thumbprint> "

storeLocation = " CurrentUser " storeName = " TrustedPeople " x509FindType = " FindByThumbprint " />

< 身份验证 certificateValidationMode = " PeerTrust " trustedStoreLocation = " CurrentUser " / >

< / clientCertificate > ;

< serviceCertificate findValue = " < service thumbprint> "

storeLocation = " LocalMachine " storeName = " 我的 " x509FindType = " FindByThumbprint " />

< / serviceCredentials >

< / 行为 >

< / serviceBehaviors > ;

< / 行为 >

< 服务 >

< service behaviorConfiguration = " ExampleService.ServiceImplementation.MyService_Behavior " name = " ExampleService.ServiceImplementation.MyService " >

< endpoint 地址 = " ;" binding = " wsHttpBinding " bindingConfiguration = " WCF_Certs " name = " 默认 " bindingNamespace = " http://example.com/ ServiceContracts " contract = " ExampleService.ServiceContracts.IMyServiceContract " />

< endpoint address = " mex " binding = " mexHttpBinding " 合同 = " IMetadataExchange " />

< / service >

< / 服务 >

< diagnostics >

< messageLogging logEntireMessage = " true " logMalformedMessages = " false " logMessagesAtServiceLevel = " true " logMessagesAtTransportLevel = " true " maxMessagesToLog = " 3000 " maxSizeOfMessageToLog = " 2000000 " />

< / diagnostics >

< / system.serviceModel >

客户端配置（我通过使用WCF-WSHttp，Security = Message，Auth = Certificate，禁用的negociate服务凭证，禁用的建立安全上下文，并选择了两者来模拟此配置与BizTalk证书）：

< system.serviceModel >

< behavior >

< endpointBehaviors >

< 行为 name = " 默认 " >

< clientCredentials >

< clientCertificate findValue = " CN = ClientSide " storeLocation = " LocalMachine "

storeName = " 我的 " x509FindType = " FindBySubjectDistinguishedName " />

< serviceCertificate >

< defaultCertificate findValue = " CN = ComputerName " storeLocation = " LocalMachine "

storeName = " AddressBook " x509FindType = " FindBySubjectDistinguishedName " />

< authentication certificateValidationMode = " Peer Trust " revocationMode = " NoCheck " />

< / serviceCertificate >

< / clientCredentials >

< / 行为 >

< / endpointBehaviors >

< / 行为 >

< bindings >

< wsHttpBinding >

< 结合 name = " WCF_Certs " >

< security mode = " 消息 " >

< 消息 clientCredentialType = " 证书 " negotiateServiceCredential = " false " establishSecurityContext = " false " />

< / 安全 >

< / binding >

< / wsHttpBinding >

< / bindings >

< client >

< endpoint 地址 = http：//ComputerName/ExampleService.Host/MyService.svc

behaviorConfiguration = " 默认 " binding = " wsHttpBinding " bindingConfiguration = " WCF_Certs "

合同 = " ExampleService.Client.Proxy.MyServiceContract " name = " 默认 " >

< / endpoint >

< / client >

< / system.serviceModel >

WCF服务合同：

[WCF :: ServiceContract （Namespace = " http://example.com/ServiceContracts" ，Name = " MyServiceContract" ，SessionMode = WCF :: SessionMode 。允许，ProtectionLevel = ProtectionLevel .Sign）]

[WCF :: XmlSerializerFormat ]

public partial interface IMyServiceContract

{

[WCF :: OperationContract （IsTerminating = false ，IsInitiating = true ，IsOneWay = false ，AsyncPattern = false ，Action = " http：//example.com/ServiceContracts/MyServiceContract/HandleData" ，ProtectionLevel = ProtectionLevel .Sign）]

ExampleService.MessageContracts。 OutputMessage HandleData（ExampleService.MessageContracts。 InputMessage request） ;

}

我不知道它为什么会起作用使用EncryptAndSign但不签名。任何见解都非常受欢迎，因为我在最终的想法。另请注意，如果我将WCF客户端app.config导入WCF-Custom适配器，我会收到相同的错误。

谢谢，

Joseph

解决方案

你检查过这个： http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=1935360&SiteID=1

Hello All,

I'm trying to authenticate with mutual certificates (only to sign, not encrypt). Between a WCF client and the WCF service running in IIS 5, everything is successful. However, between BizTalk (2006 R2) acting as the client (Send Port) and the WCF service running in IIS 5, BizTalk throws a warning message while the service trace logs indicate success. The warning message from BizTalk is:

The adapter failed to transmit message going to send port "SP_ExampleService_CustomSecure" with URL "http://ComputerName/ExampleService.Host/MyService.svc". It will be retransmitted after the retry interval specified for this Send Port. Details:"System.ServiceModel.Security.MessageSecurityException: The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part was not encrypted.

The strange thing here is that in my service contract and operation contract I have set the protection level to "Sign". If I set the Protection Level to "EncryptAndSign"... everything works. Here are the important configuration bits:

Certificates (I realize these settings may be a little verbose):

LocalMachine/My contains both certificates with the private key.

LocalMachine/TrustedPeople contains both certificates with public key only.

LocalMachine/OtherPeople (AddressBook) contains the service certificate with public key only.

CurrentUser/My contains the client certificate with private key.

CurrentUser/TrustedPeople contains both certificates with public key only.

Service Configuration:

<system.serviceModel>

</security>

</binding>

</wsHttpBinding>

</bindings>

<certificate findValue="<client thumbprint>"

storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindByThumbprint" />

</clientCertificate>

<serviceCertificate findValue="<service thumbprint>"

storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />

</serviceCredentials>

</behavior>

</serviceBehaviors>

</behaviors>

</service>

</services>

</diagnostics>

</system.serviceModel>

Client Configuration (I mimic this configuration with BizTalk by using WCF-WSHttp, Security = Message, Auth = Certificate, disabled negociate service credential, disabled establish security context, and selected both certificates):

<system.serviceModel>

<clientCertificate findValue="CN=ClientSide" storeLocation="LocalMachine"

storeName="My" x509FindType="FindBySubjectDistinguishedName" />

<defaultCertificate findValue="CN=ComputerName" storeLocation="LocalMachine"

storeName="AddressBook" x509FindType="FindBySubjectDistinguishedName" />

</serviceCertificate>

</clientCredentials>

</behavior>

</endpointBehaviors>

</behaviors>

</security>

</binding>

</wsHttpBinding>

</bindings>

<endpoint address=http://ComputerName/ExampleService.Host/MyService.svc

behaviorConfiguration="Default" binding="wsHttpBinding" bindingConfiguration="WCF_Certs"

contract="ExampleService.Client.Proxy.MyServiceContract" name="Default">

</endpoint>

</client>

</system.serviceModel>

WCF Service Contract:

[WCF::ServiceContract(Namespace = "http://example.com/ServiceContracts", Name = "MyServiceContract", SessionMode = WCF::SessionMode.Allowed, ProtectionLevel = ProtectionLevel.Sign )]

[WCF::XmlSerializerFormat]

public partial interface IMyServiceContract

{

[WCF::OperationContract(IsTerminating = false, IsInitiating = true, IsOneWay = false, AsyncPattern = false, Action = "http://example.com/ServiceContracts/MyServiceContract/HandleData", ProtectionLevel = ProtectionLevel.Sign)]

ExampleService.MessageContracts.OutputMessage HandleData(ExampleService.MessageContracts.InputMessage request);

}

I don't know why it would work with EncryptAndSign but not Sign. Any insight is much appreciated as I am at my end for ideas. Also note that I get the same error if I import the WCF Client app.config into the WCF-Custom adapter.

Thanks,

Joseph

解决方案

Did you check this: http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=1935360&SiteID=1

这篇关于MutualCertificate：WCF-WCF成功，BizTalk-WCF失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

MutualCertificate：WCF-WCF成功，BizTalk-WCF失败 [英] MutualCertificate: WCF-WCF success, BizTalk-WCF failure

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录关闭

MutualCertificate：WCF-WCF成功，BizTalk-WCF失败 [英] MutualCertificate: WCF-WCF success, BizTalk-WCF failure

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录 关闭

登录关闭