通过证书具有传输安全性的 WCF [英] WCF with transport security via certificates

问题描述

我想使用客户端证书保护我的 WCF 服务，即只允许来自特定根 CA 的客户端证书调用我的服务.

I want to secure my WCF service using client certificates, i.e. only client certificates from a specific root CA should be allowed to call my service.

出于测试目的，我首先创建了一个没有 CA 的客户端证书.我在服务器的证书存储中注册了客户端证书(在当前用户 -> 受信任的人下).

For testing purposes I've created a single client certificate without a CA first. I registered the client certificate at the server's certificate store (under current user -> trusted people).

在 VS2013 中，我在 WCF 服务项目上启用了 SSL，以便拥有一个 HTTPS 端点.我对服务的以下 Web.config 文件进行了如下调整:

Within VS2013 I've enabled SSL on the WCF service project in order to have an HTTPS endpoint. I've adapted the following Web.config file of the service as follows:

<serviceCredentials>
  <clientCertificate>
    <authentication certificateValidationMode="PeerTrust"/>
  </clientCertificate>
  ...
</serviceCredentials>

<wsHttpBinding>
  <binding name="wsHttpEndpointBinding">
    <security mode="Transport">
     <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</wsHttpBinding>

此外，我对客户端应用程序的 App.config 文件进行了如下调整:

Furthermore I've adapted the App.config file of my client application as follows:

<clientCredentials>
  <clientCertificate findValue="Client" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
  <serviceCertificate>
    <authentication certificateValidationMode="PeerTrust"/>
  </serviceCertificate>
</clientCredentials>

<wsHttpBinding>
  <binding name="WSHttpBinding_IService1">
    <security mode="Transport">
      <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</wsHttpBinding>

但是，这不起作用，我收到以下异常消息:

However, this does not work, I get the following exception message:

向 https://localhost:44300/Service1.svc 发出 HTTP 请求时发生错误.这可能是由于在 HTTPS 情况下未使用 HTTP.SYS 正确配置服务器证书这一事实.这也可能是由于客户端和服务器之间的安全绑定不匹配造成的.

An error occurred while making the HTTP request to https://localhost:44300/Service1.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

如果我切换到消息安全(而不是传输安全)并切换到 HTTP 协议，一切似乎都可以正常工作.所以我想我错过了一些启用 HTTPS 的步骤?！如何让运输安全发挥作用?

If I switch to message security (instead of transport security) and switch to the HTTP protocol everything seems to work just fine. So I guess I've missed some HTTPS-enabling step?! How to make transport security work?

推荐答案

您的证书配置不正确.请按照以下步骤操作

Your certificate is not configured properly.Follow below steps

复制证书的指纹并在提升模式下从命令提示符运行以下命令

Copy the thumbprint of the certificate and run below command from command prompt in elevated mode

   netsh http add sslcert [Ipaddress:port] certhash=[thumbprint of certifcate] 
appid={unique id for application.you can use GUID for this]


[Ipaddress:port] Ipaddress and port
[thumbprint of certifcate]: thumbprint of certificate without spaces
appid :unique id you can use guid

如何从命令提示符生成 GUID

打开visual studio命令提示符并运行下面的命令

Open visual studio command prompt and run below command

c:>uuidgen

这篇关于通过证书具有传输安全性的 WCF的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！