WCF Exception - The client certificate is not provided. Specify a client certificate in ClientCredentials.


Problem description

After reading most of what I have been able to find on this subject, and attempting many different options, I am not making any progress, and hence this post.

I wish to use SSL with a self-hosted WCF service, having security mode as TransportWithMessageCredential with HTTP transport. I am using 2 dev machines and testing over a LAN.

As mentioned above, I have read and meticulously followed just about every example which demonstrates this, yet somehow still have issues with the certificates.

As far as the certificates are concerned, I have tried a number of things.

The main "gist" of what I did was to follow what is given in http://msdn.microsoft.com/en-us/library/ff647171.aspx

I also used "How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms" in http://msdn.microsoft.com/en-us/library/ff648360.aspx  as a basic guide.

I first tested the service and client using basicHttpBinding over Http in order to verify things.

I then made changes for wsHttpBinding, SSL, and Certificates.

When I "Add Service Reference" on the client dev PC, I receive an error as follows

A window titled "Security Alert" opens with the following content:

Visual Studio has detected a problem with the site's security certificate.

Issued By: RootCATest Issued to: TempCert Certificate is valid from---

The security certificate issued by a company is not in the untrust list. It might be trustable.

The security certificate date is valid.

The security certificate for host 'TempCert' does not match the name of the page you are trying to view.

Do you want to proceed? (Yes/No)

If I click "Yes" to proceed, and run the client code, an InvalidOperationException occurs with the following message.

"The client certificate is not provided. Specify a client certificate in ClientCredentials."

The service config is as follows:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <behavior name="ServiceBehavior">
                    <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <serviceCredentials>
                        <serviceCertificate findValue="CN=TempCert" 
                                            storeLocation="LocalMachine"
                                            storeName="My" />
                    </serviceCredentials>
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <bindings>
          <wsHttpBinding>
            <binding name="wsHttpEndpointBinding">
              <security mode="TransportWithMessageCredential">
                <message clientCredentialType="Certificate" />
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>      
        <services>
            <service name="SBSWCFServiceHost.Operations" 
                     behaviorConfiguration="ServiceBehavior">
                <endpoint name="wsHttpEndpoint"
                          address=""
                          binding="wsHttpBinding"
                          bindingConfiguration="wsHttpEndpointBinding"
                          contract="SBSWCFServiceHost.IOperations" >
                    <identity>
                        <dns value="localhost" />
                    </identity>
                </endpoint>                          
                <endpoint name="mexHttpEndpoint"
                          address="mex"
                          binding="mexHttpsBinding"
                          contract="IMetadataExchange" >
                </endpoint>
                <host>
                    <baseAddresses>
                        <add baseAddress="https://10.0.0.103:8003/SBSWCFServiceHost/Operations/" />
                    </baseAddresses>
                </host>
            </service>
        </services>
    </system.serviceModel>
</configuration>

The client config is as follows:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="EndpointBehavior">
                    <clientCredentials>
                        <clientCertificate storeLocation="LocalMachine"
                                           storeName="My"
                                           x509FindType="FindByThumbprint"
                                           findValue="e4c87a961f796be6b6cab59c3760e43ffb6e941d"/>
                    </clientCredentials>
              </behavior>
            </endpointBehaviors>
        </behaviors>      
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
                    transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Certificate" negotiateServiceCredential="true"
                            algorithmSuite="Default" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://10.0.0.103:8003/SBSWCFServiceHost/Operations/"
              binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
              contract="SBSWCFService.IOperations" name="wsHttpEndpoint">
              <identity>
                  <dns value="localhost" />
              </identity>
          </endpoint>
        </client>
    </system.serviceModel>
</configuration>

As mentioned earlier, I have successfully tested some client / server calls using basicHttpBinding.

The following is a Summary of the tasks I performed, based on the contents of numerous posts and documents.

  1. Created a self-signed CA certificate (named RootCATest) on the server, and placed it in the Trusted Root Certification Authorities Certificates folder of the Local Computer.

  2. Created a certificate which is signed by the RootCATest certificate (named TempCert), on the server, and placed it in the Personal Certificates folder of the Local Computer.

  3. Exported the TempCert certificate and private key.

  4. Copied the TempCert .cer and .pvk files to the client machine, and imported the TempCert Certificate into the Personal Certificates folder of the Local Computer.

  5. Executed ICalcs.exe [private key path] /grant "NT AUTHORITY\NETWORK SERVICE":R on the server machine, using the path to the private key for the TempCert certificate.

  6. Executed netsh http add sslcert ipport=0.0.0.0:8003 certhash=[TempCert thumbprint] appid=[{application id}] on the server machine.

I believe I am close to getting this working, yet have not made any progress for some time.

Any assistance or suggestions will be greatly appreciated.

Many thanks.

Recommended answer

I hope the following URL will help you to solve the problem.

http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF
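
An added example, not part of the original question or answer: WCF applies a named endpoint behavior only to endpoints that reference it through `behaviorConfiguration`, and the client endpoint in the config above carries no such attribute, so its `clientCertificate` element is never attached to the channel. The Python check below flags that condition; the function name and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the client config from the question, trimmed to the parts the check reads.
CLIENT_CONFIG = """<configuration>
  <system.serviceModel>
    <behaviors><endpointBehaviors>
      <behavior name="EndpointBehavior">
        <clientCredentials>
          <clientCertificate storeLocation="LocalMachine" storeName="My"
              x509FindType="FindByThumbprint" findValue="e4c87a961f796be6b6cab59c3760e43ffb6e941d"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors></behaviors>
    <bindings><wsHttpBinding>
      <binding name="wsHttpEndpoint">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding></bindings>
    <client>
      <endpoint address="https://10.0.0.103:8003/SBSWCFServiceHost/Operations/"
          binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
          contract="SBSWCFService.IOperations" name="wsHttpEndpoint"/>
    </client>
  </system.serviceModel>
</configuration>"""

def endpoints_missing_client_cert(config_xml):
    """Return names of client endpoints whose binding asks for a certificate
    message credential but which resolve to no <clientCertificate>."""
    sm = ET.fromstring(config_xml).find("system.serviceModel")
    # Names of behaviors that carry a client certificate; "" is the unnamed
    # default behavior, which applies to endpoints that name no behavior.
    with_cert = {b.get("name", "") for b in sm.iterfind("behaviors/endpointBehaviors/behavior")
                 if b.find("clientCredentials/clientCertificate") is not None}
    findings = []
    for ep in sm.iterfind("client/endpoint"):
        binding = sm.find("bindings/%s/binding[@name='%s']"
                          % (ep.get("binding"), ep.get("bindingConfiguration")))
        msg = binding.find("security/message") if binding is not None else None
        if msg is None or msg.get("clientCredentialType") != "Certificate":
            continue  # this endpoint does not need a client certificate
        if ep.get("behaviorConfiguration", "") not in with_cert:
            findings.append(ep.get("name"))
    return findings

if __name__ == "__main__":
    print(endpoints_missing_client_cert(CLIENT_CONFIG))
```

Adding `behaviorConfiguration="EndpointBehavior"` to the flagged endpoint clears the finding; the host-name mismatch reported in the Security Alert dialog is a separate issue that this check does not cover.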

