客户端身份验证方案"Anonymous"禁止HTTP请求

Question

客户端身份验证方案"Anonymous"禁止HTTP请求

Zee*_*zer 8 security https wcf certificate transport-security

这种接缝是一个常见的问题,我在这里看了所有的答案,但没有一个有帮助.

我正在尝试使用SSL来处理在iis上托管的basichttpbinding和WCF服务.我认为问题出在iis或证书上.我在iis manager中创建了一个自签名证书.我的证书名为"mycomputer",也被置于"受信任的根证书"下.客户端找到证书没有问题.

我在iis中的设置是启用匿名身份验证,并禁用其他所有内容.还需要SSL并接受客户端证书.那是对的吗？如果我选择忽略,我会收到错误.

我看不出我的配置有什么问题,这些是正确的吗？

服务配置:

<system.serviceModel>
<services> 
  <service behaviorConfiguration="MyBehaviour" name="BasicHttpSecTest.Service1"> 
    <endpoint name="MyEndPoint" address="https://mycomputer/wp/" binding="basicHttpBinding" bindingConfiguration="ClientCertificateTransportSecurity" contract="BasicHttpSecTest.IService1" /> 
    <!--<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />-->
  </service> 
</services> 
<behaviors> 
  <serviceBehaviors> 
    <behavior name="MyBehaviour"> 
      <serviceMetadata httpsGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior> 
  </serviceBehaviors> 
</behaviors> 
<bindings> 
  <basicHttpBinding> 
    <binding name="ClientCertificateTransportSecurity"> 
      <security mode="Transport"> 
        <transport clientCredentialType="Certificate" />
      </security> 
    </binding> 
  </basicHttpBinding> 
</bindings>
</system.serviceModel>

Run Code Online (Sandbox Code Playgroud)

客户端配置:

<system.serviceModel> 
<client>
    <endpoint address="https://mycomputer/wp/Service1.svc" binding="basicHttpBinding"
        bindingConfiguration="MyEndPoint" contract="ServiceSSLref.IService1"
        name="MyEndPoint1" behaviorConfiguration="ClientCertificateCredential"/>
</client>

<bindings>
    <basicHttpBinding>
        <binding name="MyEndPoint">
            <security mode="Transport">
                <transport clientCredentialType="Certificate" />
            </security>
        </binding>
    </basicHttpBinding>
</bindings>

<behaviors> 
  <endpointBehaviors> 
    <behavior name="ClientCertificateCredential"> 
      <clientCredentials> 
        <clientCertificate findValue="mycomputer" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" />
        <serviceCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
        </serviceCertificate>
      </clientCredentials> 
    </behavior> 
  </endpointBehaviors> 
</behaviors>
</system.serviceModel>

Run Code Online (Sandbox Code Playgroud)

Answer 1

Ale*_*lex 6

我想你的问题可能在你的客户证书中.设置clientCredentialType ="Certificate"告诉WCF,该客户端必须指定服务器信任的证书.据我所知,您只有服务器端生成的证书.尝试设置

 <transport clientCredentialType="None" />

Run Code Online (Sandbox Code Playgroud)

这将允许您发送消息,而不需要服务器信任的证书.或者,您可以尝试在客户端生成证书并将其放入服务器上的"受信任"文件夹中.也许这个州会帮助你http://msdn.microsoft.com/en-us/library/ms731074.aspx

归档时间：	13 年，3 月前
查看次数：	60550 次
最近记录：	8 年，5 月前