带证书身份验证的传输安全 [英] Transport Security with Certificate Authentication

问题描述

当我访问我的 webservice localhost/MyService/MyService.svc 时出现以下错误

I'm getting the following error when I access my webservice localhost/MyService/MyService.svc

服务 'SslRequireCert' 的 SSL 设置与 IIS 'Ssl, SslNegotiateCert' 的设置不匹配.

The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'.

我遵循了 http://msdn.microsoft.com/en-us/library/ms731074.aspx

这是我的 wcf 服务器 web.config:

Here is my wcf server web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <appSettings />
  <system.web>
    <identity impersonate="false" />
    <roleManager enabled="true" />
    <authentication mode="Windows" />
    <customErrors mode="Off" />
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
  </system.web>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" roles="" />
      </authorization>
    </security>
  </system.webServer>
  <system.serviceModel>
    <services>
      <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
        <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="True" />
          <serviceMetadata />
          <serviceCredentials>
            <clientCertificate>
              <authentication trustedStoreLocation="LocalMachine"
                               revocationMode="Online"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="CertificateWithTransportWSHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

我已将 IIS 配置如下:

I've configured IIS as follows:

• 使用自签名证书添加 https 绑定
• 在 SSL 设置下，勾选需要 SSL 并接受客户端证书
• 自签名证书已添加到本地计算机可信根 CA.

我可以浏览和执行 .asmx 服务定义，但 .svc 给了我上述错误.

I can browse and execute the .asmx service definition, but the .svc gives me the error described above.

推荐答案

尝试注释掉您的 mex 端点.这应该让它工作

Try to comment out your mex endpoint. That should get it working

这篇关于带证书身份验证的传输安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！