从 WCF 服务访问客户端证书属性 [英] Access client certificate properties from WCF Service

问题描述

我正在编写一个 WCF 服务，我需要访问用于连接到服务的客户端证书的哈希码.

I am writing a WCF service where I need to access the Hash Code of client certificates that are used to connect to the service.

我正在寻找类似于 ASP.NET 2.0 天的 Request.ClientCertificate 的属性或方法，但找不到任何可以轻松访问客户端证书的东西.

I am looking for a property or method similar to Request.ClientCertificate from ASP.NET 2.0 days but cannot find anything that allows easy access to the client certificate.

我们的服务设置为使用 basicHttpBinding 和传输"安全模式通过 SSL 运行.

Our service is set up such that it is running with SSL using basicHttpBinding and security mode of "Transport".

IIS 已设置为需要 SSL 并接受证书.

IIS has been set up to Require SSL and Accept certificates.

需要注意的是，我们用于保护端点的服务器证书来自与客户端证书不同的 CA - 客户端证书旨在仅通过自定义代码进行验证(因此需要获取哈希码的连接证书).

One thing to note is that our server certificate used to secure the endpoint is from a different CA to that of the client certificates - the client certificates are intended to be validated solely through custom code (thus the need to get the hash code of a connecting certificate).

我创建了 IDispatchMessageInspector 的自定义实现，以查看是否可以从那里访问客户端证书，但无济于事.

I have created a custom implementation of the IDispatchMessageInspector to see if there is any access to a client certificate from there but to no avail.

以前有没有人尝试过并且成功过?

Has anyone attempted this and had success before?

推荐答案

看起来最适合您的选择是为您的服务实施自定义证书验证器.这基本上是一个派生自 X509CertificateValidator 的类然后通过配置文件注册.

Looks like what the best option for you would be to implement a custom Certificate Validator for your service. This is basically a class that derives from X509CertificateValidator and is then registered through the config file.

这篇文章上提供了有关如何执行此操作的更完整信息.

There's more complete information on how to do this on this article.

这篇关于从 WCF 服务访问客户端证书属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！