Dud*_*udi 15 security https wcf certificate
我正在尝试配置WCF服务器\客户端以使用SSL
我得到以下异常:
客户端身份验证方案"Anonymous"禁止HTTP请求
我有一个自托管的WCF服务器.我运行hhtpcfg我的客户端和服务器证书都存储在本地计算机上的个人和受信任人员下
这是服务器代码:
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
binding.Security.Mode = WebHttpSecurityMode.Transport;
_host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
_host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
_host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;
_host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My);
客户代码:
binding.Security.Mode = WebHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
WebChannelFactory<ITestClientForServer> cf =
new WebChannelFactory<ITestClientForServer>(binding, url2Bind);
cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My);
ServicePointManager.ServerCertificateValidationCallback
+= RemoteCertificateValidate;
查看web_tracelog.svclog和trace.log显示服务器无法验证客户端证书我的证书未由授权CA签名,但这就是我将它们添加到可信人员的原因....
我错过了什么?我错过了什么?
诀窍是使客户证书有效,
要做到这一点,你有两个选择:
1)使其自签名,然后将其置于"受信任的根证书颁发机构"下.
显然,在生产中,您希望您的客户端证书由受信任的CA签名而不是自签名.请参阅http://msdn.microsoft.com/en-us/library/ms733813.aspx
2)使用您创建的另一个证书(让我们称之为MyCA)签署您的客户端证书,并将MyCA放入"受信任的根证书颁发机构",并在"受信任的人"中拥有客户端证书.这样,您的开发环境就更接近部署.
如何创建和签署证书:查看http://msdn.microsoft.com/en-us/library/bfsktky3.aspx
这是我使用的一系列命令:
1)makecert -r -pe -ss My -sr LocalMachine -a sha1 -sky exchange -n cn = MyCA -sv"MyCAPrivate.pvk"
2)makecert -pe -ss My -sr LocalMachine -a sha1 -sky exchange -n cn = SignedClientCertificate -iv"MyCAPrivate.pvk"-ic"MyCAPublic.cer"