2011-09-14 66 views
1

WCF X509 certificate not working with WsHttpBinding due to a missing private key

When I try to use an X509 certificate with only the public key from a .CER file, I get the following exception:

"The certificate 'CN=name' must have a private key. The process must have access rights for the private key."

Here is the client code I use to set up the certificate. Note that it is file based.

// A .cer file carries only the public certificate, so cert.HasPrivateKey is false
var cert = new X509Certificate2(@"C:\mycert.cer"); 
// None disables validation of the certificate the service presents
credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None; 
credentials.ClientCertificate.Certificate = cert; 

Host code:

using System;
using System.ServiceModel;
using System.ServiceModel.Dispatcher;

namespace Host 
{ 
    class Program 
    { 
        static void Main(string[] args) 
        { 
            // Endpoints, bindings and credentials come from App.config below
            using (ServiceHost host = new ServiceHost(typeof(HelloIndigo.HelloIndigoService), 
                new Uri("http://localhost:8000/HelloIndigo"))) 
            { 
                host.Open(); 

                Console.WriteLine("Service is listening..."); 
                Console.WriteLine(); 

                Console.WriteLine("Number of base addresses: {0}", host.BaseAddresses.Count); 
                foreach (Uri uri in host.BaseAddresses) 
                { 
                    Console.WriteLine("\t{0}", uri.ToString()); 
                } 

                Console.WriteLine(); 
                Console.WriteLine("Number of dispatchers (listeners): {0}", host.ChannelDispatchers.Count); 
                foreach (ChannelDispatcher dispatcher in host.ChannelDispatchers) 
                { 
                    Console.WriteLine("\t{0}, {1}", dispatcher.Listener.Uri.ToString(), dispatcher.BindingName); 
                } 

                Console.WriteLine(); 
                Console.WriteLine("Press <ENTER> to terminate the host application"); 
                Console.ReadLine(); 
            } 
        } 
    } 
} 

Host App.config:

<?xml version="1.0"?> 
<configuration> 
  <system.serviceModel> 
    <services> 
      <service name="HelloIndigo.HelloIndigoService" behaviorConfiguration="serviceBehavior"> 
        <endpoint contract="HelloIndigo.IHelloIndigoService" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"/> 
        <endpoint contract="IMetadataExchange" binding="wsHttpBinding" bindingConfiguration="mexBinding" address="mex"/> 
      </service> 
    </services> 
    <bindings> 
      <wsHttpBinding> 
        <binding name="mexBinding"> 
          <security mode="Message"> 
            <message clientCredentialType="Certificate"/> 
          </security> 
        </binding> 
        <binding name="wsHttpBinding"> 
          <security mode="Message"> 
            <message clientCredentialType="Certificate"/> 
          </security> 
        </binding> 
      </wsHttpBinding> 
    </bindings> 
    <behaviors> 
      <serviceBehaviors> 
        <behavior name="serviceBehavior"> 
          <serviceMetadata httpGetEnabled="true"/> 
          <serviceCredentials> 
            <clientCertificate> 
              <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine"/> 
            </clientCertificate> 
            <serviceCertificate findValue="name" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/> 
          </serviceCredentials> 
        </behavior> 
      </serviceBehaviors> 
    </behaviors> 
    <diagnostics performanceCounters="ServiceOnly" wmiProviderEnabled="true"> 
      <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="100000"/> 
    </diagnostics> 
  </system.serviceModel> 
  <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup>
</configuration> 

The only way I got it to work was to generate a PFX certificate with the public/private key pair and a password, but I don't think it is secure to have the password lying around on the client all the time. Is there a way to validate the client against the service using only the public key?

Answer

0

The answer to my question is that, in order to secure the private key, which is obviously the main issue here, using a file-based client certificate would require it to first be imported into the store and then used from the store by looking it up through the security API.
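The store-based lookup the answer describes, written out as an added example (this is not code from the original post or from the HelloIndigo sample). It assumes the client certificate has already been imported into CurrentUser\My with a hypothetical subject "client", that the service certificate's subject is "name" as in the posted config, and a hypothetical `IHelloIndigoService` contract, since the post does not show the contract. It also shows the check a practitioner wants before handing a certificate to WCF: whether the selected certificate actually carries a private key, which is the condition behind the exception in the question.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical client-side copy of the service contract; the original post does not show it.
[ServiceContract]
public interface IHelloIndigoService
{
    [OperationContract]
    string HelloIndigo(string name);   // assumed operation
}

public static class ClientCertificateSetup
{
    // Look the certificate up in a store and insist on a usable private key.
    // A certificate loaded from a .cer file always fails this check, which is
    // exactly the condition behind the "must have a private key" exception.
    public static X509Certificate2 FindCertificateWithPrivateKey(
        StoreLocation location, string subjectName)
    {
        var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false: chain validation is left to WCF; only the key is checked here.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            foreach (X509Certificate2 candidate in matches)
            {
                if (candidate.HasPrivateKey)
                    return candidate;
            }
            throw new InvalidOperationException(
                "No certificate with subject '" + subjectName + "' and an accessible private key in " +
                location + "\\My. Import the PFX into that store and grant the client process " +
                "read access to the key.");
        }
        finally
        {
            store.Close();
        }
    }

    // Builds a channel factory equivalent to the posted config (wsHttpBinding, message
    // security, certificate client credential) with the client certificate taken from
    // the store instead of a file.
    public static ChannelFactory<IHelloIndigoService> CreateFactory(
        string serviceAddress, string clientSubject, string serviceSubject)
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        // The DNS identity must match the service certificate's subject ("name" in the post).
        var address = new EndpointAddress(new Uri(serviceAddress),
                                          EndpointIdentity.CreateDnsIdentity(serviceSubject));
        var factory = new ChannelFactory<IHelloIndigoService>(binding, address);
        var creds = factory.Credentials;

        // Fail early with a clear message instead of WCF's exception at the first call.
        FindCertificateWithPrivateKey(StoreLocation.CurrentUser, clientSubject);

        // Store lookup: the private key stays under the store's protection and no PFX
        // password is kept on the client; the process only needs read access to the key.
        creds.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, clientSubject);

        // Keep service-certificate validation on. The client code in the question used
        // X509CertificateValidationMode.None, which accepts any certificate the server presents.
        creds.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;
        creds.ServiceCertificate.Authentication.TrustedStoreLocation = StoreLocation.CurrentUser;

        return factory;
    }
}

// Usage (assumed address and subjects):
// var factory = ClientCertificateSetup.CreateFactory(
//     "http://localhost:8000/HelloIndigo", "client", "name");
// IHelloIndigoService proxy = factory.CreateChannel();
// Console.WriteLine(proxy.HelloIndigo("world"));
```

Two practical notes. With a self-signed service certificate, PeerTrust needs that certificate in the TrustedPeople store of the chosen location, otherwise validation fails as intended rather than being silently skipped. And the second half of the original error message is a separate failure mode: a certificate can be in the store with its private key and still trigger it if the account running the client has no read permission on the key, which is granted through the certificate's "Manage Private Keys" dialog in the Certificates MMC snap-in, not through the PFX password.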