How to implement WSS: X509 Token Profile 1.0 on a WCF Web Service (Server Side)


Problem description

I'm newer at creating WCF web services and I'm trying to figure out how to create a WCF service that conforms to the WSS:X509 Token Profile 1.0. There are many posts about how to do the client configuration; however, not much about server configurations.
This project began as a WSDL-first generated service, so I am unable to change anything about how the client sends data to me, and I'm required to make the service conform to the data they send.
I've gone and created a custom endpoint for this service, however this is where I'm stuck. I'm sure there's just some small detail I'm missing to make it conform to the pdf below:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="Something.ServiceBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <!-- Returns exception details to callers in SOAP faults; a debugging setting. -->
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceCredentials>
          <clientCertificate>
            <!-- "None" performs no validation of the client certificate. -->
            <authentication certificateValidationMode="None" />
            <certificate findValue="ClientCertificate"
                         storeLocation="LocalMachine"
                         storeName="My"
                         x509FindType="FindBySubjectName" />
          </clientCertificate>
          <serviceCertificate findValue="OurCertificate"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
        <serviceSecurityAudit auditLogLocation="Application"
                              serviceAuthorizationAuditLevel="Failure"
                              messageAuthenticationAuditLevel="Failure"
                              suppressAuditFailure="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <services>
    <!-- behaviorConfiguration must name a defined behavior; it now points at the one above. -->
    <service behaviorConfiguration="Something.ServiceBehavior"
             name="Something.ServiceName">
      <endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" name="MetaDataEndPoint" contract="IMetadataExchange" />
      <endpoint address="" binding="customBinding" bindingConfiguration="CustomBinding0" name="customBindingEndPoint" contract="Something.IServiceName" />
    </service>
  </services>

  <bindings>
    <customBinding>
      <binding name="CustomBinding0">
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>


Any help/comments are greatly appreciated.

Recommended answer

Well, the above was basically correct. I just needed to tweak how it found the certificate (by thumbprint instead of by name) and it worked perfectly.
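
The lookup change the answer describes, as an added example (not part of the original post and not the poster's code): FindBySubjectName is a substring match, so it can return more than one certificate from the store. This PowerShell script runs the same store query for the two findValue strings from the question and prints each match's thumbprint in the form the config needs with x509FindType="FindByThumbprint"; the function name Get-CertCandidates is made up for this example.

```powershell
# Added example. 'OurCertificate' and 'ClientCertificate' are the findValue
# strings from the question's config; replace them with your own subject names.
$x509 = 'System.Security.Cryptography.X509Certificates'
$storeName     = [System.Security.Cryptography.X509Certificates.StoreName]::My
$storeLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$findType      = [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName

# Hypothetical helper: returns every certificate in LocalMachine\My whose
# subject contains the given fragment (the same query the config asks for).
function Get-CertCandidates {
    param([string]$SubjectFragment)

    $store = New-Object "$x509.X509Store" ($storeName, $storeLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # validOnly = $false so expired or untrusted certificates are listed too.
        $store.Certificates.Find($findType, $SubjectFragment, $false) |
            Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
    }
    finally {
        $store.Close()
    }
}

foreach ($name in 'OurCertificate', 'ClientCertificate') {
    $found = @(Get-CertCandidates -SubjectFragment $name)
    Write-Host "$name : $($found.Count) match(es) by subject name"

    if ($found.Count -ne 1) {
        Write-Warning "Subject-name lookup for '$name' is not unique; select one certificate by thumbprint."
    }

    foreach ($cert in $found) {
        Write-Host ("  Subject={0}  NotAfter={1:u}  HasPrivateKey={2}" -f `
            $cert.Subject, $cert.NotAfter, $cert.HasPrivateKey)
        # Paste these two attributes into <serviceCertificate> or <certificate>.
        Write-Host ('  findValue="{0}" x509FindType="FindByThumbprint"' -f $cert.Thumbprint)
    }
}
```

The service certificate must show HasPrivateKey=True; the client certificate entry only needs the public certificate.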

