C#WCF似乎不检查客户端证书！ [英] C# WCF seems not to check the client certificate!

问题描述

大家好，

我正在编写一个wcf(TCPBinding)测试程序.我想使用TSL保护它.

我的服务器端配置代码如下:

Hi Guys,

I am writing a wcf (TCPBinding) test program. I want to make it secured by using TSL.

My server side configuration code is like this:

NetTcpBinding tcpBinding = new NetTcpBinding();
tcpBinding.TransactionFlow = false;
tcpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
tcpBinding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
tcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
host.Credentials.ServiceCertificate.SetCertificate(
                                             StoreLocation.LocalMachine,
                                             StoreName.My,               X509FindType.FindBySubjectName,                                             "ServerCerSubject");
 host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;

而我的客户端站点配置是这样的:

and my client site configuration is like this:

oBinding = new NetTcpBinding();
           ((NetTcpBinding)oBinding).ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
((NetTcpBinding)oBinding).Security.Mode = SecurityMode.TransportWithMessageCredential;
((NetTcpBinding)oBinding).Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
((NetTcpBinding)oBinding).Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
WCFServer=new ChannelFactory<WCFShared.ITCPServer>(oBinding, new EndpointAddress(UriString));
WCFServer.Credentials.ClientCertificate.SetCertificate(
                         StoreLocation.CurrentUser,
                         StoreName.My,
                         X509FindType.FindBySubjectName, "ClientCerSubject");

我已经通过Makecert.exe创建了服务器和客户端证书.

问题是，即使客户端使用其他证书，客户端也能够连接到服务器！我的意思是，如果我更改客户端以使用另一个证书，它仍然可以使用！

有人可以告诉我发生了什么事吗?

我希望客户端证书应该与服务器应用程序所使用的服务器证书相匹配！但是看来客户证书并不重要！我唯一注意到的是，客户端需要服务器证书存在于他信任的人中.

谢谢.

I have created the server and client certificate by Makecert.exe

The problem is the client is able to connect to the server even if it uses another certificate!! I mean if I change the client to use another certificate, it still works!

Can someone please tell me what is happening?

I expected that the client certificate should match with the server one that is used by my server application! but It seems that the client certificate is not important! the only thing I have noticed is, the Client needs server certificate to be exist in his trusted people.

Thanks.

推荐答案

您能否看一下以下文章:一种用于WCF安全性的使用证书的简便方法.看起来可以解决您的问题或对主题有所启发?！

亲切的问候，

Hi,

Could you please have a look at the following article: An easy way to use certificates for WCF security. Looks like it could solve your problem or put some light on the subject?!

Kind regards,

这篇关于C#WCF似乎不检查客户端证书！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！