NET中的SOAP SSL服务创建问题 [英] SOAP SSL service creating problem in .NET

问题描述

嗨！
在使用安全设置创建Web服务时，我们遇到了问题.
从CA收到的证书仅用于测试目的.
之后，我们执行以下操作:
1)使用httpcfg集ssl -i 0.0.0.0:777 -h
启用服务使用的端口 2)httpcfg设置urlacl -u https://:777/TlsService/ServiceSecure -a D:(A ;; GA ;;; AN)
3)httpcfg设置iplisten-i 0.0.0.0:777

WebService代码如下:

Hi!
We faced the problem during creating the web service with security settings.
Certificate was received from the CA just for test purposes.
After this we did following:
1) enabling port used by the service using the httpcfg set ssl -i 0.0.0.0:777 -h
2) httpcfg set urlacl -u https://:777/TlsService/ServiceSecure -a D:(A;;GA;;;AN)
3)httpcfg set iplisten-i 0.0.0.0:777

The WebService code is following:

WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

ServiceHost host = new ServiceHost(typeof(DeviceObservationConsumer_hostPCDData), new Uri("https://<domainname>:777/TlsService/ServiceSecure"));
host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, (string)"bd 35 ec c0 e6 b3 9a ac 74 09 09 c5 84 b8 fd 58 51 44 87 7d");

host.AddServiceEndpoint(typeof(IDeviceObservationConsumer_Binding_Soap12), binding, "");

ServiceMetadataBehavior smb = host.Description.Behaviors.Find<servicemetadatabehavior>();
// If not, add one
if (smb == null)
    smb = new ServiceMetadataBehavior();
smb.HttpsGetEnabled = true;

host.Description.Behaviors.Add(smb);

// Add MEX endpoint
host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");

host.Open();

客户代码:

Client code:

WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

EndpointAddress addr = new EndpointAddress("https://<domainname>:777/TlsService/ServiceSecure");

ChannelFactory<deviceobservationconsumer_porttype> myChannelFactory = new ChannelFactory<deviceobservationconsumer_porttype>(binding, addr);
//myChannelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, (string)"bd 35 ec c0 e6 b3 9a ac 74 09 09 c5 84 b8 fd 58 51 44 87 7d");

DeviceObservationConsumer_PortType client = myChannelFactory.CreateChannel();

CommunicatePCDDataRequest req = new CommunicatePCDDataRequest("ciao mamma guarda come mi diverto!");
CommunicatePCDDataResponse resp = client.CommunicatePCDData(req);

myChannelFactory.Close();

我们无法通过浏览器访问"https://<域名>:777/TlsService/ServiceSecure"，客户端会收到异常:向HTTPS://< PCname>发出HTTP请求时发生错误: 777/TlsService/ServiceSecure.这可能是由于在HTTPS情况下未使用HTTP.SYS正确配置服务器证书.这也可能是由于客户端和服务器之间的安全绑定不匹配引起的.

我们做错了什么?
我们不使用配置文件，一切都在代码内完成.

还有
httpcfg查询ssl
给出以下响应:

We can''t access the "https://<domainname>:777/TlsService/ServiceSecure" via browser and the client get the exception : An error occurred while making the HTTP request to https://<PCname>:777/TlsService/ServiceSecure. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

What we r doing wrong?
We do not using configuration file, everything is done inside the code.

And the
httpcfg query ssl
give as the response the following:

IP                      : 0.0.0.0:777
Hash                    : bd35ecc0e6b39aac74 9 9c584b8fd585144877d
Guid                    : {00000000-0000-0000-0000-000000000000}
CertStoreName           : MY
CertCheckMode           : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout     : 0
SslCtlIdentifier        : (null)
SslCtlStoreName         : (null)
Flags                   : 0

我想知道..哈希与我们放入的哈希有所不同...响应中显示的空格为"0" ...由于某些原因已被替换...可能是问题的原因?


任何建议，不胜感激！

谢谢
Liudmila

I was wondering .. the Hash is differ a bit from the one we put... the spaces presented on the response was the "0"... for some reason they were replaced... could it be the reason for the problem?


Any suggestion is appreciated!

Thanks
Liudmila

推荐答案

没关系.问题出在证书本身...

Never mind.. the problem was with certificate themselves...

这篇关于NET中的SOAP SSL服务创建问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！