BasicHttpBinding with Certificate authentication - error "forbidden"?


Question

I'm trying to get WCF server and client mutually authenticate each other using SSL certificates on transport level using BasicHttpBinding. Here's how the server is getting created:

// Transport (HTTPS) security; the server requires a client certificate.
var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" };
soapBinding.Security.Mode = BasicHttpSecurityMode.Transport;
soapBinding.Security.Transport.ClientCredentialType =
    HttpClientCredentialType.Certificate;
// uri is the service base address, defined elsewhere in the poster's code.
var sh = new ServiceHost(typeof(Service1), uri);
sh.AddServiceEndpoint(typeof(IService1), soapBinding, "");
// Server certificate, looked up by subject name in LocalMachine\My.
sh.Credentials.ServiceCertificate.SetCertificate(
    StoreLocation.LocalMachine, StoreName.My, 
    X509FindType.FindBySubjectName, "localhost");
sh.Open();

Here's the client:

// Transport security only; no ClientCredentialType is set here.
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
var service = new ServiceReference2.Service1Client(binding,
    new EndpointAddress("https://localhost:801/Service1"));

// Client certificate, looked up by subject name in LocalMachine\My.
service.ClientCredentials.ClientCertificate.SetCertificate(
    StoreLocation.LocalMachine, StoreName.My, 
    X509FindType.FindBySubjectName, "localhost");

// Trust the server certificate if it is in the Trusted People store.
service.ClientCredentials.ServiceCertificate.Authentication.
    CertificateValidationMode =
        System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;

service.HelloWorld();

Certificate for localhost is in Personal, Trusted Root and Trusted 3rd Party containers. Internet Explorer can connect to host and see WSDL. Also, SSL calls work fine with ClientCredentialType = HttpClientCredentialType.None.

HelloWorld() fails with:

System.ServiceModel.Security.MessageSecurityException occurred
  Message="The HTTP request was forbidden with client authentication
  scheme 'Anonymous'."

which is a rethrown exception from: "The remote server returned an error: (403) Forbidden."

how does one go around figuring out wtf is going on?

Answer

Try adding this in the client just after setting Security.Mode:

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
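The fix above in context, as an added example that is not part of the question or the answer: a client binding configured so that WCF actually presents a certificate, a check that tells the two configurations apart before any call is made, and a certificate lookup that mirrors the question's SetCertificate call but additionally verifies the certificate has a private key (a client certificate without one is found by subject name but cannot authenticate). Names such as MutualTlsClientCheck are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper class; not part of the original post.
static class MutualTlsClientCheck
{
    // Client binding as the answer recommends: Transport mode AND
    // ClientCredentialType = Certificate. With only Transport mode set,
    // WCF completes the TLS handshake without sending a client certificate,
    // and a server that requires one answers 403 Forbidden, which surfaces
    // as "client authentication scheme 'Anonymous'".
    public static BasicHttpBinding CreateMutualTlsBinding(string ns)
    {
        var binding = new BasicHttpBinding { Namespace = ns };
        binding.Security.Mode = BasicHttpSecurityMode.Transport;
        binding.Security.Transport.ClientCredentialType =
            HttpClientCredentialType.Certificate;
        return binding;
    }

    // True only if the binding will present a client certificate over HTTPS.
    public static bool PresentsClientCertificate(BasicHttpBinding binding)
    {
        return binding.Security.Mode == BasicHttpSecurityMode.Transport
            && binding.Security.Transport.ClientCredentialType
               == HttpClientCredentialType.Certificate;
    }

    // Same lookup as the question (LocalMachine\My, by subject name), but
    // returns only a certificate whose private key is available to this process.
    public static X509Certificate2 FindClientCertificate(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, validOnly: false);
            foreach (var cert in matches)
            {
                if (cert.HasPrivateKey) return cert;
            }
            return null;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Calling PresentsClientCertificate(new BasicHttpBinding { Security = { Mode = BasicHttpSecurityMode.Transport } }) on the question's original client binding returns false; on CreateMutualTlsBinding("http://test.com") it returns true.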
