WCF证书自定义验证 - 发送异常消息客户端 [英] WCF Certificate custom validation - send exception message to client
问题描述
我已经配置用于运输的安全和证书客户端凭据一个简单的WCF服务。
我插上的自定义证书验证它,并抛出一个FaultException异常。
我probkemn是esception消息未到达客户端:我只收到一个MessageSecurityException没有任何错误...
。如果我的net.tcp把我的服务(自托管的),我将接受。CommunicationExcetion,没有任何故障
I have a simple WCF service configured for with transport security and Certificate client credentials. I plug a custom certificate validator to it, and throws a FaultException. My probkemn is the esception message does not reach the client : i only receive a MessageSecurityException without any Fault... If i turn my service in net.tcp (self-hosted), i the receive a CommunicationExcetion, with no Fault either.
下面是我的web.config的一部分:
Here is a part of my web.config :
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding" messageEncoding="Text">
<reliableSession enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="SecureService.Server.ChunkStreamService">
<endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" behaviorConfiguration="myBehavior" name="wsHttpEndPoint" contract="SecureService.Server.IChunkStreamService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="myBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication customCertificateValidatorType="SecureService.Server.CPSValidator, SecureService.Server" certificateValidationMode="Custom" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
和我的验证:
public class CPSValidator : System.IdentityModel.Selectors.X509CertificateValidator
{
public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
{
throw new FaultException("Certificate is not from a trusted issuer");
}
}
任何想法?
Any idea ?
在您的帮助谢谢!
推荐答案
随着叶海亚和Pablo回答,证书验证不发生在服务水平。因此,FaultException异常无法到达客户端。不过,这也仅仅是因为我使用的传输安全模式。为了发送信息回客户端我不得不从交通改变我的安全模式TransportWithMessageCredentials,像这样的:
As Yahia and Pablo answered, certificate validation does not happens at service level. Therefore, FaultException cannot reach the client. But this is true only because i am using the transport security mode. In order to send message back to the client i had to change my security mode from Transport to TransportWithMessageCredentials, like this :
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>
此方式,证书验证是在服务级别进行,以便一个错误消息可以被发送到客户throught一个FaultException异常。
This way, the certificate validation is done at service level, so that an error message can be sent to the client throught a faultException.
这篇关于WCF证书自定义验证 - 发送异常消息客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!