证书“我的证书”可能没有能够进行密钥交换的私钥 [英] It is likely that certificate 'my cert' may not have a private key that is capable of key exchange
本文介绍了证书“我的证书”可能没有能够进行密钥交换的私钥的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想在我的wcf服务中实现自定义身份验证。
这是我的配置
< system.serviceModel>
< services>
< service name =" MyService.FileExchangeWebservice" behaviorConfiguration = QUOT; MyService_behavior">
< endpoint address =""结合= QUOT;&的wsHttpBinding QUOT;合同= QUOT; MyService.IFileExchangeWebservice" bindingConfiguration = QUOT; MyService_Config">< /端点>
< / service>
< / services>
< bindings>
< wsHttpBinding>
< binding name =" MyService_Config">
< security mode =" Message">
< message clientCredentialType =" UserName" />
< / security>
< / binding>
< / wsHttpBinding>
< / bindings>
< behavior>
< serviceBehaviors>
< behavior name =" MyService_behavior">
<! - 为避免泄露元数据信息,请在部署前将以下值设置为false - >
< serviceMetadata httpGetEnabled =" true" httpsGetEnabled = QUOT;真" />
<! - 要接收故障中的异常详细信息以进行调试,请将以下值设置为true。在部署之前设置为false以避免泄露异常信息 - >
< serviceDebug includeExceptionDetailInFaults =" true" />
< serviceCredentials>
< userNameAuthentication
userNamePasswordValidationMode =" Custom"
customUserNamePasswordValidatorType =" MyService.ErnDataServiceAuthentication,MyService" />
< serviceCertificate findValue =" MyService" x509FindType = QUOT; FindBySubjectName" STORENAME = QUOT;我" storeLocation = QUOT; CurrentUser" />
< / serviceCredentials>
< / behavior>
< / serviceBehaviors>
< / behavior>
< protocolMapping>
< add binding =" basicHttpsBinding"方案= QUOT; HTTPS" />
< / protocolMapping>
< serviceHostingEnvironment aspNetCompatibilityEnabled =" true" multipleSiteBindingsEnabled = QUOT;真" />
< /system.serviceModel>
现在当我在浏览器中打开服务时出现此错误:
" ; System.Security.Cryptography.CryptographicException:指定的提供程序类型无效
证书'my cert'可能没有私钥能够进行密钥交换"
我尝试了提供的解决方案
然后我们在代码片段中分配它。
< serviceCredentials> ;
< userNameAuthentication userNamePasswordValidationMode =" Custom" customUserNamePasswordValidatorType = QUOT; WCFwshttpbindingusername.CustUserNamePasswordVal,WCFwshttpbindingusername" />
< serviceCertificate findValue =" 1d1241ccbe7df059cbe832cffb1f5750dc79a162" x509FindType = QUOT; FindByThumbprint" storeLocation = QUOT; LOCALMACHINE" STORENAME = QUOT;我" />
< / serviceCredentials>
如果问题仍然存在,请随时告诉我。
最好的问候
亚伯拉罕
Hi,
I want to implement custom authentication in my wcf service.
This is my configuration
<system.serviceModel>
<services>
<service name="MyService.FileExchangeWebservice" behaviorConfiguration="MyService_behavior">
<endpoint address="" binding="wsHttpBinding" contract="MyService.IFileExchangeWebservice" bindingConfiguration="MyService_Config"></endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MyService_Config">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyService_behavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="MyService.ErnDataServiceAuthentication, MyService"/>
<serviceCertificate findValue="MyService" x509FindType="FindBySubjectName" storeName="My" storeLocation="CurrentUser"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>Now when i open the service in browser i get this error:
"System.Security.Cryptography.CryptographicException: Invalid provider type specified
It is likely that certificate 'my cert' may not have a private key that is capable of key exchange"
I tried the solutions provided here , but no success.
Some help with this would be great!!!
Thanks in advance,
Kabid
解决方案
Hi Kbid,
The solution is useful, the certificate of current user generally could not manage the private key of the certificate, we had better use the local machine certificate.
I offer you a workaround to achieve your requirement. Create a Self-signed certificate with IIS Server Certificates module.
It will be displayed in the local machine MY location, then add it to the Trusted Root Certificate Authority.
At last, we add the corresponding user group to the Management of the certificate. In order to make thing simple, I add the Everyone account.
Generally, our application pool uses the ApplicationPoolIdentity, we are supposed to add the below user.
IIS apppool\myapplicationpool
For details.
https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
Then we assign it in the code snippets.
<serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFwshttpbindingusername.CustUserNamePasswordVal,WCFwshttpbindingusername"/> <serviceCertificate findValue="1d1241ccbe7df059cbe832cffb1f5750dc79a162" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My"/> </serviceCredentials>
Feel free to let me know If the problem still exists.
Best Regards
Abraham
这篇关于证书“我的证书”可能没有能够进行密钥交换的私钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
