带有证书的webHttpBinding [英] webHttpBinding with certificate

问题描述

我正在尝试确保自助服务的安全。
调用服务将返回以下内容：

基础连接已关闭：接收时发生意外错误。

I am trying to secure a self hosted service. Calling the service returns this:
The underlying connection was closed: An unexpected error occurred on a receive.

服务端点看起来像这样

<endpoint address="https://MACHINE:8010/rest/users" binding="webHttpBinding" bindingConfiguration="certificate" contract="Online.DomainObjects.Remote.IUserManagerRemote" />

我这样做是为了打开访问权限：

I have done this to open up access:

 netsh http add urlacl "url=https://+:8010/" user=BUILTIN\Users

我已在服务器上打开WCF跟踪，但是在日志中未获取任何信息，因此这是客户端连接问题。

I have turned WCF tracing on in the server, but get no information in the logs, so this is a client connection issue.

我已经添加了服务行为。

I have added a service behavior.

    <behavior name="certificate">
      <serviceCredentials>
        <serviceCertificate
          storeLocation="LocalMachine"
          x509FindType="FindByThumbprint"
          findValue="VALIDTHUMBPRINT" />
      </serviceCredentials>
    </behavior>

我添加了绑定配置。

  <webHttpBinding>
    <binding name="certificate">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </webHttpBinding>

以下代码用于调用服务

    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);    
    var certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "VALIDTHUMBPRINT", false).OfType<X509Certificate2>().First();

    var request = (HttpWebRequest) WebRequest.Create("https://machine:8010/rest/users/display?key=OnlineStanlibId(1653510)");
    request.ClientCertificates.Add(certificate);
    request.Method = "GET";
    using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
        reader.ReadToEnd().Dump();

如果我尝试使用提琴手（使用ssl解码）来检查错误，我会明白这一点。 / p>

If I try and use fiddler (using the ssl decode) to examine the errors I get this.

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.1 (TLS/1.0)
    Random: 53 F3 39 10 E8 4B 5C D6 17 02 8B A0 42 CD 98 B7 37 56 3F B4 35 E6 3E B5 15 89 3B 6D E9 8F BA 19
    SessionID: empty
    Extensions: 
        renegotiation_info  00
        server_name slc11555001
        elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
        ec_point_formats    uncompressed [0x0]
    Ciphers: 
        [002F]  TLS_RSA_AES_128_SHA
        [0035]  TLS_RSA_AES_256_SHA
        [0005]  SSL_RSA_WITH_RC4_128_SHA
        ...(There are more of these)

关于如何进一步调试的任何建议都很棒...

Any suggestions on how to debug this further would be great...

提琴手的文本视图显示了这一点：$ b​​ $ b与计算机的HTTPS握手失败。 System.IO.IOException无法从传输连接中读取数据：

The fiddler text view reveals this: HTTPS handshake to 'machine' failed. System.IO.IOException Unable to read data from the transport connection:

推荐答案

在创建自托管的Windows Communication Foundation（WCF）时）使用传输安全性的服务，还必须使用X.509证书配置端口。为了将证书绑定到服务，您需要使用 netsh add sslcert命令并提供证书的指纹，应用程序/服务guid和ip / port。

When creating a self-hosted Windows Communication Foundation (WCF) service that uses transport security, you must also configure the port with an X.509 certificate. In order to bind the certificate to the service you need to use the `netsh add sslcert' command and supply the certificate’s thumbprint, the application/service guid and the ip/port.

netsh http add sslcert ipport=0.0.0.0:8000 certhash=000...a5e6 appid={001-...-FEFF} 

以下链接提供了很好的参考：

http://msdn.microsoft.com/en-us/ library / ms733791（v = vs.110）.aspx

从控制台应用程序获取HTTPS吗？

The following link provides a good reference:
http://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx
HTTPS from a console application?

这篇关于带有证书的webHttpBinding的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！