Ars*_*ray 8 c# security wcf makecert x509
Can anyone provide me with an example of how to create a self-signed certificate that will be accepted by the following code:
ServiceHost svh = new ServiceHost(typeof(MyClass));
var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
//security
tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
....
svh.Open();
I have used
makecert -pe myCertificate
and
makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine
and
makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange
I tried to generate the certificate with BouncyCastle, but every time I get the following exception:
It is likely that certificate 'CN=Dev Certification Authority' may not have a
private key that is capable of key exchange or the process may not have access
rights for the private key. Please see inner exception for detail.
The inner exception is null.
There is probably a trick to it, but I don't get it.
How do I generate a proper certificate for my WCF service?
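The following code works for framework 4.0:
First, it is very important to manually install the certificate as a trusted certificate in LocalMachine. To do this, you can simply install it from Internet Explorer by opening the server location.
Second, respond to the server error caused by the self-signed certificate: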
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.Net.Security;

namespace WCFSelfSignCert
{
    class Program
    {
        static void Main(string[] args)
        {
            // You have to install your certificate as a trusted certificate in your LocalMachine store.
            // Create your service client / proxy.
            using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
            {
                // Server certificate validation responds with an error because
                // the issuing authority is not recognized.
                ServicePointManager.ServerCertificateValidationCallback += OnServerValError;

                // Assign the self-signed certificate.
                client.ClientCredentials.ClientCertificate.SetCertificate(
                    StoreLocation.LocalMachine,
                    StoreName.Root,
                    X509FindType.FindBySubjectName,
                    "MY custom subject name"); // SubjectName (CN) from the certificate

                // Make a test call to ensure that the service responds.
                var res = client.echo("test");
                Console.WriteLine(res);
                Console.ReadKey();
            }
        }

        public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // Mute the error, or provide some custom validation code.
            return true;

            // Or, more restrictive:
            // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
            // {
            //     return true;
            // }
            // else
            // {
            //     return false;
            // }
        }
    }
}
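The answer's callback comment mentions custom validation code as the alternative to returning true for every certificate. As an added example (not part of the original answer), the callback below accepts the self-signed certificate only when its SHA-256 hash matches a pinned value; the class name `PinnedCertificateValidator` and the `ExpectedSha256` placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace WCFSelfSignCert
{
    // Hypothetical helper, not part of the original answer.
    static class PinnedCertificateValidator
    {
        // Placeholder: SHA-256 of the service certificate (hex, no separators).
        const string ExpectedSha256 = "<SHA256-HEX-OF-SERVICE-CERTIFICATE>";

        public static string Sha256Hex(X509Certificate certificate)
        {
            using (SHA256 sha = SHA256.Create())
            {
                byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
                return BitConverter.ToString(hash).Replace("-", "");
            }
        }

        public static bool Validate(object sender, X509Certificate certificate,
                                    X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // A certificate that validates normally needs no exception.
            if (sslPolicyErrors == SslPolicyErrors.None) return true;
            // Tolerate only the untrusted-chain error a self-signed certificate
            // produces; a name mismatch or missing certificate is still rejected.
            if (certificate == null ||
                sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors)
                return false;
            return string.Equals(Sha256Hex(certificate), ExpectedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }

        // Run with the path of the exported .cer file to print the value to pin.
        static void Main(string[] args)
        {
            if (args.Length == 1)
                Console.WriteLine(Sha256Hex(new X509Certificate2(args[0])));
            // Register before the first service call, in place of "return true".
            ServicePointManager.ServerCertificateValidationCallback += Validate;
        }
    }
}
```

`ServerCertificateValidationCallback` is process-wide, so this callback sees every outgoing connection validated through `ServicePointManager`; connections whose certificates validate normally pass through unchanged.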