WCF传输安全,无认证 [英] WCF transport security with no authentication
问题描述
时有可能有安全运输无需验证?我很清楚它的缺陷,但我的ATM不能安装证书的客户端。
看来我可以设置WSHttpBinding.SecurityMode运输和在ClientCredentialType到HttpClientCredentialType.None,但是当我尝试调用服务我得到这个异常:
Is it possible to have transport security without authentication? I'm well aware of it's flaws but atm I can't install a certificate a the client side. It seems I can set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None, but when I try to call the service I get this exception:
同时使HTTP请求到HTTPS时出现错误:// [为MyService。这可能是由于这样的事实,在服务器证书不正确地与HTTP.SYS中的HTTPS情况下进行配置。这也可以由安全客户端和服务器之间的结合的不匹配引起的。
An error occurred while making the HTTP request to https://[MyService]. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
我不认为它是安全的客户端和因为我使用由SvcUtil工具生成的代理服务器之间的绑定不匹配。
I don't think it's a mismatch of the security binding between the client and the server because I'm using a proxy generated by svcutil.
为什么它寻找一个服务器证书,如果我设置为ClientCredentialType无?
Why's it looking for a server certificate if I've set the ClientCredentialType to None?
推荐答案
您可以有HTTPS无需验证的通讯,但你不能有HTTPS通信没有证书的,因为HTTPS加密使用证书。
You can have HTTPS communication without authentication, but you cannot have HTTPS communication without certificates, since HTTPS encryption uses certificates.
有几件事情要检查:
- 您可以访问通过HTTPS的WSDL或网站上的其他资源在浏览器?
- 请你这样做的时候获得有关证书的任何警告?
如果您不能访问WSDL或网站通过HTTPS上的其他资源,那么HTTPS是不是在服务器上配置。
If you can't access the WSDL or another resource on the site over HTTPS, then HTTPS isn't configured on the server.
如果你获得有关证书的警告,那么你就没有一个证书,客户端将信任。这里有三个选项;一个是从某处如威瑞将被信任得到有效的证书,另一种是安装在用户存储的值得信赖的一部分(这是你提到你不能这样做),最后证书关闭cerificate撤销在客户端的WCF配置。
If you get warnings about the certificate, then you don't have a certificate that the client will trust. There are three options here; one is to get a valid certificate from somewhere like Verisign that will be trusted, the other is to install the certificate in a trusted part of the user's store (which you can't do as you mentioned), and the final is to turn off the cerificate revocation in the client's WCF configuration.
这篇关于WCF传输安全,无认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
