SQL Server数据库中的WCF证书存储 [英] WCF Certificate Store from SQL Server Database
问题描述
我有一个SQL数据库,存储我的客户端证书为WCF服务和其他服务。 (X509等)。我想使用这个商店(而不是'我的')来检索此证书(而不是在web.config中声明),然后将其用于WCF。
我尝试在这个网站和谷歌搜索,但似乎不是很大的帮助。
目前我在做
var targetEndpoint = new EndpointAddress(targetLogicalAddress,targetIdentity);
MyTransportPortTypesClient proxy = new MyTransportPortTypesClient(WebConfigSection,targetEndpoint);
所以理想情况下,我想摆脱WebConfigSection,而不是通过某种WCF对象
有没有人知道如何解决这个问题?
我终于解决了这一点,这是我做的。 (我会分享我的经验,所以大家可以使用它)这是没有使用任何机器CertificateStore。它完全从数据库到客户端代理。
我创建了X509Certificate2对象并分配物理文件(在byte []中)。如果密码受到保护,您也可以输入密码。
然后我已将证书分配给我的代理客户端。
类似的东西:
proxy.ClientCredentials.ClientCertificate = __MyCertificate
现在我已经管理我的clientproxy,因为我是在我的app.config inteneted。这就是它。所有这些属性都将在您的代理对象中。
希望这有助于。
AFAIK它是至少非常困难,如果不是下来不可能。 WCF使用 SChannel SSPI提供程序身份验证,此SSPI提供商将只从加载证书SChannel CSP提供商。为了使用数据库中的证书,证书必须首先加载到 PROV_RSA_SCHANNEL CSP密钥库,然后此密钥库的证书上下文将传递到 AcquireCredentialsHandle 。例如,这是数据库镜像能够进行身份验证的方式使用存储在数据库中的证书。虽然可以在托管代码中完成所有这些步骤,但我不确定是否可以将它们插入WCF:我期望,但是可能不是为了微弱的心。 / p>
I have a SQL Database which is storing my client side certificate for WCF service and other services. (X509 etc). I would like to use this Store (instead of 'My') to retrive this certificate (instead of declaring it in web.config) and then use it for WCF.
I have tried to search on this site and google but does not seems to be much of a help.
Currently I am doing
var targetEndpoint = new EndpointAddress(targetLogicalAddress, targetIdentity);
MyTransportPortTypesClient proxy = new MyTransportPortTypesClient("WebConfigSection", targetEndpoint);
So ideally I would like to get rid of the "WebConfigSection" and instead pass some sort of WCF object which has certifictate signed.
Does anyone know how to achive this?
I have finally solved this and Here's how I did it. (I'll share my experiece so everyone can use it) This is without using any machine CertificateStore. Its purely from Database to the client Proxy.
I have created X509Certificate2 Object and assign physical file (in byte[]). You can also put password if its password protected.
Then I have assigned the certificate to my proxy client. Something like :
proxy.ClientCredentials.ClientCertificate = __MyCertificate
Now I have manupulated my clientproxy as I was inteneted to in my app.config. and that's it. All these properties will be in your proxy object.
Hope this helps.
AFAIK it is at least very difficult, if not down right impossible. WCF uses SChannel SSPI provider for the authentication and this SSPI provider will load certificates only from the SChannel CSP provider. In order to use a certificate from the database the certificate would have to be loaded first into a PROV_RSA_SCHANNEL CSP keystore and then the certificate context of this keystore would be passed to AcquireCredentialsHandle. For instance, this is how database mirroring is able to authenticate using a certificate stored in the database. While it is possible to do all these steps in managed code too, I'm not sure if is possible to plug them into WCF: I expect it is, but probably not for the faint of heart.
这篇关于SQL Server数据库中的WCF证书存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
