The HTTP request was forbidden with client authentication scheme 'Anonymous'. The remote server returned an error: (403) Forbidden


Question

I am trying to create a secure webservice.

Below are the contract and the service implementation:

[ServiceContract()]
public interface ICalculatorService
{
    [OperationContract()]
    int Add(int x, int y);
}

[ServiceBehavior(IncludeExceptionDetailInFaults=true)]
public class CalculatorService : ICalculatorService
{
    public int Add(int x, int y)
    {
        return x + y;
    }
}

Here is the service (host) code:

var b = new WSHttpBinding(SecurityMode.Transport);
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
b.Security.Message.ClientCredentialType = MessageCredentialType.None;

Type contractType = typeof(ICalculatorService);
Type implementedContract = typeof(CalculatorService);
Uri baseAddress = new Uri("https://localhost:8006/CalculatorService");
ServiceHost sh = new ServiceHost(implementedContract);

sh.AddServiceEndpoint(contractType, b, baseAddress);

//ServiceMetadataBehavior sm = new ServiceMetadataBehavior();
//sm.HttpsGetEnabled = true;
//sm.HttpsGetUrl = new Uri("https://localhost:8006/CalculatorServiceMex");
//sh.Description.Behaviors.Add(sm);

// Note: Credentials.Peer applies to peer-channel (NetPeerTcpBinding) authentication,
// not to the HTTPS client-certificate check on this WSHttpBinding endpoint.
sh.Credentials.Peer.PeerAuthentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");

sh.Open();
Console.WriteLine("Service is Listening");
Console.ReadLine();
sh.Close();

Here is the client code:

var b = new WSHttpBinding(SecurityMode.Transport);
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
b.Security.Message.ClientCredentialType = MessageCredentialType.None;

var factory = new ChannelFactory<ICalculatorService>(b);
// Note: Credentials.Peer applies to peer-channel authentication, not to this HTTPS endpoint.
factory.Credentials.Peer.PeerAuthentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");

var client = factory.CreateChannel(new EndpointAddress(new Uri("https://localhost:8006/CalculatorService")));

// Returning true unconditionally accepts ANY server certificate; this only makes sense
// for inspecting the chain and sslPolicyErrors in a debugger while troubleshooting locally.
ServicePointManager.ServerCertificateValidationCallback =
    ((sender, certificate, chain, sslPolicyErrors) =>
    {
        return true;
    });

ICommunicationObject comObject = client as ICommunicationObject;
int result = -1;
try
{
    comObject.Open();
    result = client.Add(10, 2);
}
catch (Exception ex)
{
    // Surface the failure instead of swallowing it silently.
    Console.WriteLine(ex.Message);
}
Console.WriteLine(string.Format("Service say 10 + 2 = {0}", result));
Console.ReadLine();

The service runs fine and when the ServicePointManager.ServerCertificateValidationCallback check is made there are no policy errors, with the correct certificate chain built.

I have my CA in the trusted root and the server/client cert in the TrustedPeople store. Also, if I navigate to the site from a browser I see a page returned. No errors.

I have updated IIS with what I think are the required settings, bound the certificate in IIS and via the command line below.

I've set the SSL settings to accept certificates and enabled anonymous authentication.

Does anyone know what steps I've not done correctly or see anything amiss? I keep getting the same error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
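The client code in the question installs a ServerCertificateValidationCallback that returns true for every certificate, which switches off server certificate validation for the whole process. The following is an added example (not code from the question) of a callback that keeps the platform's validation result and optionally pins the deployed service certificate; the thumbprint value is a placeholder the reader must fill in, and the callback is wired up the same way the question does it.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: a ServerCertificateValidationCallback that fails closed.
// Any SslPolicyErrors value other than None (untrusted chain, name mismatch,
// certificate not available) rejects the connection; the chain status is logged
// so the reason can be read without a debugger.
public static class ServerCertValidation
{
    // Placeholder (assumption): set this to the thumbprint of the service certificate
    // as shown in the MMC certificates snap-in to pin it. Leave null to skip pinning.
    private static readonly string ExpectedServerThumbprint = null;

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine("Server certificate rejected: {0}", sslPolicyErrors);
            if (chain != null)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                    Console.WriteLine("  chain: {0} {1}", status.Status, status.StatusInformation.Trim());
            }
            return false;
        }

        // Chain is valid. If a thumbprint is configured, additionally require the
        // exact certificate that was deployed (defends against any other certificate
        // the trust store happens to accept).
        if (string.IsNullOrEmpty(ExpectedServerThumbprint))
            return true;

        string presented = certificate.GetCertHashString(); // SHA-1 thumbprint, hex
        bool pinned = string.Equals(presented, ExpectedServerThumbprint, StringComparison.OrdinalIgnoreCase);
        if (!pinned)
            Console.WriteLine("Server certificate thumbprint {0} does not match the pinned value", presented);
        return pinned;
    }

    // Install before the channel is opened, in place of the lambda that returns true.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

With this callback in place the client still connects to the question's endpoint when the CA is in the trusted root and the name matches, but a wrong certificate now produces a logged reason rather than a silent success. Note that without any callback at all the framework already performs the same policy check; the callback only adds logging and pinning.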

Recommended answer

Another reason for this is the certificate itself on the server you are hitting. Ensure you have imported the PRIVATE KEY. In MMC this will show up with a "Friendly Name". This took me days to figure out. Once I imported the private key the Anonymous error went away and all was well!
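The answer's condition (the certificate the service binds must carry its private key, not just the public part) can be checked in code before calling sh.Open(). The following is an added example, not code from the answer or the question; it looks the certificate up the same way the question's SetCertificate calls do (store location, store name and subject name are taken from the question) and reports private-key presence, the extended key usage, expiry, and whether a chain builds. The same routine applied with the client-authentication OID checks the client certificate the ChannelFactory selects.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: pre-flight check for a certificate that WCF will select with
// X509FindType.FindBySubjectName. Returns true if at least one matching
// certificate is usable for the given purpose.
public static class CertPreflight
{
    public const string ServerAuthEku = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    public const string ClientAuthEku = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    public static bool Check(StoreLocation location, StoreName storeName,
                             string subjectName, string requiredEku)
    {
        var store = new X509Store(storeName, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // FindBySubjectName is a substring match; SetCertificate takes the first hit,
            // so every candidate is reported.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
            {
                Console.WriteLine("No certificate with subject name '{0}' in {1}\\{2}",
                                  subjectName, location, storeName);
                return false;
            }

            bool anyUsable = false;
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("{0} (friendly name '{1}', thumbprint {2})",
                                  cert.Subject, cert.FriendlyName, cert.Thumbprint);

                // The answer's point: the public certificate alone is not enough.
                Console.WriteLine("  private key present: {0}", cert.HasPrivateKey);

                bool ekuOk = AllowsPurpose(cert, requiredEku);
                Console.WriteLine("  EKU {0} allowed: {1}", requiredEku, ekuOk);

                bool inDate = DateTime.Now >= cert.NotBefore && DateTime.Now < cert.NotAfter;
                Console.WriteLine("  valid period: {0} (expires {1})", inDate, cert.NotAfter);

                var chain = new X509Chain();
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private CA, no CRL
                bool built = chain.Build(cert);
                Console.WriteLine("  chain builds: {0}", built);
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("    {0}: {1}", s.Status, s.StatusInformation.Trim());

                anyUsable |= cert.HasPrivateKey && ekuOk && inDate && built;
            }
            return anyUsable;
        }
        finally
        {
            store.Close();
        }
    }

    // A certificate with no EKU extension is valid for any purpose; one with an EKU
    // extension must list the requested OID.
    private static bool AllowsPurpose(X509Certificate2 cert, string oid)
    {
        bool sawEku = false;
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            sawEku = true;
            foreach (Oid o in eku.EnhancedKeyUsages)
                if (o.Value == oid) return true;
        }
        return !sawEku;
    }

    public static void Main()
    {
        // Store and subject name as used in the question's SetCertificate calls.
        bool serverOk = Check(StoreLocation.LocalMachine, StoreName.TrustedPeople, "localhost", ServerAuthEku);
        bool clientOk = Check(StoreLocation.LocalMachine, StoreName.TrustedPeople, "localhost", ClientAuthEku);
        Console.WriteLine("service certificate usable: {0}, client certificate usable: {1}", serverOk, clientOk);
    }
}
```

If the check reports "private key present: False" for the service certificate, the answer's fix applies: re-import the certificate as a PFX that includes the key. Certificates with private keys are normally kept in the Personal (StoreName.My) store rather than TrustedPeople, so it is worth running the check against both stores to see which copy WCF is actually selecting.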
