1
同仁攜手,WFC X509證書並不WsHttpBinding的由於缺少私鑰
當我嘗試在.CER文件使用X509證書與公鑰,我發現了以下異常:
{ 「證書‘CN =名稱’必須有一個私鑰,這個過程必須有私鑰的訪問權限。」}
下面是我使用的設置證書的客戶端代碼。注意它是基於文件的。
var cert = new X509Certificate2(@"C:\mycert.cer");
credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
credentials.ClientCertificate.Certificate = cert;
主機代碼:
namespace Host
{
class Program
{
static void Main(string[] args)
{
using (ServiceHost host = new ServiceHost(typeof(HelloIndigo.HelloIndigoService),
new Uri("http://localhost:8000/HelloIndigo")))
{
host.Open();
Console.WriteLine("Service is listening...");
Console.WriteLine();
Console.WriteLine("Number of base addresses: {0}", host.BaseAddresses.Count);
foreach (Uri uri in host.BaseAddresses)
{
Console.WriteLine("\t{0}", uri.ToString());
}
Console.WriteLine();
Console.WriteLine("Number of dispatchers (listeners): {0}", host.ChannelDispatchers.Count);
foreach (ChannelDispatcher dispatcher in host.ChannelDispatchers)
{
Console.WriteLine("\t{0}, {1}", dispatcher.Listener.Uri.ToString(), dispatcher.BindingName);
}
Console.WriteLine();
Console.WriteLine("Press <ENTER> to terminate the host application");
Console.ReadLine();
}
}
}
}
主機的App.config:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<services>
<service name="HelloIndigo.HelloIndigoService" behaviorConfiguration="serviceBehavior">
<endpoint contract="HelloIndigo.IHelloIndigoService" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"/>
<endpoint contract="IMetadataExchange" binding="wsHttpBinding" bindingConfiguration="mexBinding" address="mex"/> <!-- -->
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="mexBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
<binding name="wsHttpBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine"/>
</clientCertificate>
<serviceCertificate findValue="name" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics performanceCounters="ServiceOnly" wmiProviderEnabled="true">
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="100000"/>
</diagnostics>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>
我得到它的工作是產生與公鑰/私鑰和密碼PFX證書的唯一途徑,但我認爲這不是安全有密碼圍繞在客戶端上所有的時間。有沒有辦法只使用公鑰兌服務驗證客戶端?