emp*_*mpi 12 security iis wcf certificate
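I want to check the client certificate in my WCF service.
My goal is to allow only clients whose certificates have specific thumbprints to communicate with my service.
My WCF service is hosted in IIS, and I use basicHttpBinding with security mode="transport" and the credential type "Certificate". IIS requires a client certificate to communicate with the service.
Thanks in advance for your help.
Update: my configuration: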
<basicHttpBinding>
  <binding
      name="testBinding"
      maxReceivedMessageSize="2147483647">
    <readerQuotas
        maxDepth="2147483647"
        maxStringContentLength="2147483647"
        maxArrayLength="2147483647"
        maxBytesPerRead="2147483647"
        maxNameTableCharCount="2147483647" />
    <security mode="Transport">
      <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</basicHttpBinding>
Behavior:
<serviceBehaviors>
  <behavior name="SomeServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceCredentials>
      <clientCertificate>
        <authentication certificateValidationMode="Custom" customCertificateValidatorType="SomeService.CustomCertificateValidator,SomeService" />
      </clientCertificate>
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
Service configuration:
<service
    behaviorConfiguration="SomeServiceBehavior"
    name="SomeService">
  <endpoint
      address=""
      binding="basicHttpBinding"
      bindingConfiguration="testBinding"
      contract="ISomeService">
  </endpoint>
</service>
For testing purposes, I implemented the validator like this:
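using System.IdentityModel.Selectors; // X509CertificateValidator
using System.IdentityModel.Tokens;    // SecurityTokenValidationException

public class CustomCertificateValidator : X509CertificateValidator
{
    // Test stub: rejects every certificate unconditionally.
    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
    {
        throw new SecurityTokenValidationException("TEST Certificate was not issued by a trusted issuer TEST");
    }
}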
This does not work. I can connect to my service with any valid certificate.
Mau*_*ice 14
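You can create a class derived from X509CertificateValidator and use it to perform custom validation of the incoming certificate. If you want validation to fail for some reason, throw a SecurityTokenValidationException.
Set certificateValidationMode to Custom and specify your validator in the clientCertificate section of the service behavior in the configuration file.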
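A thumbprint allow-list validator of the kind described in the answer above, written as an added example (it is not code from the question or the answer). The namespace and class name follow the customCertificateValidatorType value in the question's configuration; the thumbprint values are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace SomeService
{
    public class CustomCertificateValidator : X509CertificateValidator
    {
        // Constructed placeholder values: replace with the thumbprints of the permitted client certificates.
        private static readonly HashSet<string> AllowedThumbprints =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                Normalize("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01"),
                Normalize("0000000000000000000000000000000000000002"),
            };

        // Keep hex digits only: values pasted from certificate dialogs may contain
        // spaces or invisible characters that would make an exact match fail.
        private static string Normalize(string thumbprint)
        {
            var sb = new StringBuilder(40);
            foreach (char c in thumbprint)
                if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
            return sb.ToString();
        }

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // A pinned certificate is still rejected outside its validity period.
            DateTime now = DateTime.Now;
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException("Client certificate is not within its validity period.");

            // X509Certificate2.Thumbprint is the hex-encoded SHA-1 hash of the certificate.
            if (!AllowedThumbprints.Contains(certificate.Thumbprint))
                throw new SecurityTokenValidationException("Client certificate is not on the allow list.");
        }
    }
}
```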