WCF证书自定义验证 - 发送异常消息客户端 [英] WCF Certificate custom validation - send exception message to client

问题描述

我已经配置用于运输的安全和证书客户端凭据一个简单的WCF服务。
我插上的自定义证书验证它，并抛出一个FaultException异常。
我probkemn是esception消息未到达客户端：我只收到一个MessageSecurityException没有任何错误...
。如果我的net.tcp把我的服务（自托管的），我将接受。CommunicationExcetion，没有任何故障

I have a simple WCF service configured for with transport security and Certificate client credentials. I plug a custom certificate validator to it, and throws a FaultException. My probkemn is the esception message does not reach the client : i only receive a MessageSecurityException without any Fault... If i turn my service in net.tcp (self-hosted), i the receive a CommunicationExcetion, with no Fault either.

下面是我的web.config的一部分：

Here is a part of my web.config :

<system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding" messageEncoding="Text">
          <reliableSession enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="SecureService.Server.ChunkStreamService">
        <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" behaviorConfiguration="myBehavior" name="wsHttpEndPoint" contract="SecureService.Server.IChunkStreamService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="myBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <authentication  customCertificateValidatorType="SecureService.Server.CPSValidator, SecureService.Server" certificateValidationMode="Custom" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

和我的验证：

    public class CPSValidator : System.IdentityModel.Selectors.X509CertificateValidator
  {
    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
    {
       throw new FaultException("Certificate is not from a trusted issuer");
    }
  }

任何想法？

Any idea ?

在您的帮助谢谢！

推荐答案

随着叶海亚和Pablo回答，证书验证不发生在服务水平。因此，FaultException异常无法到达客户端。不过，这也仅仅是因为我使用的传输安全模式。为了发送信息回客户端我不得不从交通改变我的安全模式TransportWithMessageCredentials，像这样的：

As Yahia and Pablo answered, certificate validation does not happens at service level. Therefore, FaultException cannot reach the client. But this is true only because i am using the transport security mode. In order to send message back to the client i had to change my security mode from Transport to TransportWithMessageCredentials, like this :

<security mode="TransportWithMessageCredential">
  <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
  <message clientCredentialType="Certificate" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>

此方式，证书验证是在服务级别进行，以便一个错误消息可以被发送到客户throught一个FaultException异常。

This way, the certificate validation is done at service level, so that an error message can be sent to the client throught a faultException.

这篇关于WCF证书自定义验证 - 发送异常消息客户端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！