11
我正在嘗試創建一個安全的web服務。HTTP請求被禁止,客戶端身份驗證方案爲「匿名」。遠程服務器返回錯誤:(403)Forbidden
這裏是合同和服務實現
[ServiceContract()]
public interface ICalculatorService
{
[OperationContract()]
int Add(int x, int y);
}
[ServiceBehavior(IncludeExceptionDetailInFaults=true)]
public class CalculatorService : ICalculatorService
{
public int Add(int x, int y)
{
return x + y;
}
}
在這裏,我的服務代碼
var b = new WSHttpBinding(SecurityMode.Transport);
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
b.Security.Message.ClientCredentialType = MessageCredentialType.None;
Type contractType = typeof(ICalculatorService);
Type implementedContract = typeof(CalculatorService);
Uri baseAddress = new Uri("https://localhost:8006/CalculatorService");
ServiceHost sh = new ServiceHost(implementedContract);
sh.AddServiceEndpoint(contractType, b, baseAddress);
//ServiceMetadataBehavior sm = new ServiceMetadataBehavior();
//sm.HttpsGetEnabled = true;
//sm.HttpsGetUrl = new Uri("https://localhost:8006/CalculatorServiceMex");
//sh.Description.Behaviors.Add(sm);
sh.Credentials.Peer.PeerAuthentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");
sh.Open();
Console.WriteLine("Service is Listening");
Console.ReadLine();
sh.Close();
下面是客戶端代碼
var b = new WSHttpBinding(SecurityMode.Transport);
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
b.Security.Message.ClientCredentialType = MessageCredentialType.None;
var factory = new ChannelFactory<ICalculatorService>(b);
factory.Credentials.Peer.PeerAuthentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");
var client = factory.CreateChannel(new EndpointAddress(new Uri("https://localhost:8006/CalculatorService")));
ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) =>
{
return true;
});
ICommunicationObject comObject = client as ICommunicationObject;
int result = -1;
try
{
comObject.Open();
result = client.Add(10, 2);
}
catch (Exception ex)
{
}
Console.WriteLine(string.Format("Service say 10 + 2 = {0}", -1));
Console.ReadLine();
服務運行正常,並且當ServicePointManager.ServerCertificateValidationCallback檢查沒有策略錯誤,建立正確的證書鏈。
我有我的受信任的根,並在TrustedPeople存儲的服務器/客戶端證書CA。另外,如果我從瀏覽器導航到網站,我會看到返回的頁面。沒有錯誤
我已經更新IIS來什麼,我認爲是必要的,在IIS 
,並通過以下命令行綁定的證書。 
我已經設置了SSL設置爲接受證書 
並啓用匿名身份驗證。 
有誰知道我沒有正確地做過什麼步驟或看到任何不妥之處?我一直收到相同的錯誤「HTTP請求被客戶端認證方案'Anonymous'禁止。」
我遇到了這個異常,但這是由於我的SSL證書過期。 – 2015-12-02 17:26:23
是否有任何替代IIS的WCF。我討厭IIS,有一天它工作,接下來它開始提供各種需要整天解決的錯誤。 – 2017-04-10 15:30:36