WCF Settings in IIS having certificate
Problem description
Hi All,
I am facing an issue regarding the WCF certificates.
I have created certificates and stored them in my local machine as well as in the Trusted Root folder.
I have applied a custom binding in my WCF Web.config file.
Kindly help, it's urgent... Thanks in advance.
Here is the web.config file.
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.serviceModel>
<services>
<service name="WcfServicetoConcat.Service1" behaviorConfiguration="WcfServicetoConcat.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="customBinding" bindingConfiguration="PolicyBinding" contract="WcfServicetoConcat.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<!--<dns value="localhost"/>-->
<certificateReference findValue="WCfServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfServicetoConcat.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode ="PeerTrust"/>
</clientCertificate>
<serviceCertificate findValue="WCfServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding">
<security>
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
<customBinding>
<binding name="PolicyBinding">
<transactionFlow transactionProtocol="WSAtomicTransactionOctober2004"/>
<security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificate" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireSignatureConfirmation="true">
<secureConversationBootstrap/>
</security>
<mtomMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" maxBufferSize="2147483647" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
</mtomMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/>
</binding>
</customBinding>
</bindings>
</system.serviceModel>
</configuration>
Client Web.config file
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm"/>
<error statusCode="404" redirect="FileNotFound.htm"/>
</customErrors>
-->
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://inbom1-w0040.mcint.local/WCFService/Service1.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="WCFService.IService1" name="WSHttpBinding_IService1" behaviorConfiguration="ClientCert">
<identity>
<certificate encodedValue="AwAAAAEAAAAUAAAAMkf8a3FWNN+RnQynuNXaS1KCMD0gAAAAAQAAAPwBAAAwggH4MIIBYaADAgECAhB9by+wm+d+vkI71UqWf8hwMA0GCSqGSIb3DQEBBAUAMBUxEzARBgNVBAMTClJvb3RDQVRlc3QwHhcNMTMwMTI4MDUyMDMyWhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlXQ2ZTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMz9tAEOxFyLnk4JrLEmXP+anZ+LNHex0m3lU4WZ/i70Sr4SU04gu/bH42HveLrbhfOPRVAcqp+2STBKQmwNoTELx8EuP8sqtrX2abncbxMh4mM+4v8lLPsVSop8Pr/qb+T9FtSZu+KUFKZFYdmG1Bht954QC1A3RrzAKYry7sD/AgMBAAGjSjBIMEYGA1UdAQQ/MD2AEALyFbbJwckwFdikG7azmiGhFzAVMRMwEQYDVQQDEwpSb290Q0FUZXN0ghC2nVqXi142i03XiRUwYKbsMA0GCSqGSIb3DQEBBAUAA4GBAC3rBQWRz4/Fln7ovKxg8NA1QhFsOp1nSpxCo9Av8XqmsUPt+CHbQ/857I8/KFubttprjuOsdR/XZqEaCsXlecvW7L3PpixL+ZqDTFJAxzpxCplBomFITTJ+tY8/Y/Fu0gXuMljqtKQqXZDvuliBPDODxEoojhLwT6x3LhoyyBCb" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCert">
<clientCredentials>
<clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Error in IE
An error occurred when verifying security for the message.
I get the following exception from Event Viewer:
Exception information:
Exception type: SecurityNegotiationException
Exception message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
After enabling the WCF trace I found the error below:
Exception type: System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security
Kindly help
Recommended answer
Hi,
After a lot of pain... I finally got the code working.
I don't know if it's kind of the right solution, but it surely worked for me.
I have just copied the customBinding of my server web.config to the client web.config,
and changed the endpoint address to use the custom binding.
That's it.
Please let me know if someone is of a different opinion...
Thanks a lot to those who have at least viewed the problem.
Cheers!!!
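The change described in the answer, sketched as the client's system.serviceModel section (an added example, not the poster's actual file): the PolicyBinding custom binding is copied from the server config and the client endpoint is pointed at it, so both sides use the same MutualCertificate message security, MTOM encoding and HTTP transport instead of the wsHttpBinding that the server endpoint never offered. It assumes the identity element and the ClientCert behavior stay as in the original client config.

```xml
<system.serviceModel>
  <bindings>
    <!-- Copied unchanged from the server Web.config so both sides build the same channel stack -->
    <customBinding>
      <binding name="PolicyBinding">
        <transactionFlow transactionProtocol="WSAtomicTransactionOctober2004"/>
        <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificate"
                  requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
                  keyEntropyMode="CombinedEntropy"
                  messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
                  messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  requireSignatureConfirmation="true">
          <secureConversationBootstrap/>
        </security>
        <mtomMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default"
                             maxBufferSize="2147483647" writeEncoding="utf-8">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
        </mtomMessageEncoding>
        <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                       maxReceivedMessageSize="2147483647" allowCookies="false"
                       authenticationScheme="Anonymous" bypassProxyOnLocal="false"
                       hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true"
                       maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm=""
                       transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                       useDefaultWebProxy="true"/>
      </binding>
    </customBinding>
  </bindings>
  <client>
    <!-- binding and bindingConfiguration now reference the custom binding instead of wsHttpBinding.
         Assumption: the endpoint name is left as generated so existing client code still finds it. -->
    <endpoint address="http://inbom1-w0040.mcint.local/WCFService/Service1.svc"
              binding="customBinding" bindingConfiguration="PolicyBinding"
              contract="WCFService.IService1" name="WSHttpBinding_IService1"
              behaviorConfiguration="ClientCert">
      <!-- Assumption: keep the identity element with the service certificate from the original client config here, unchanged -->
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCert">
        <clientCredentials>
          <clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          <serviceCertificate>
            <authentication certificateValidationMode="PeerTrust"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```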