1. 首頁
  2. 問答
  3. WCF服務接受任何舊證書

WCF服務接受任何舊證書

2012-10-03 176 views
1

我試圖設置此WCF服務只接受客戶端提交「測試01」證書時的請求。問題是它似乎接受來自同一機構的任何證書,例如「測試04」。WCF服務接受任何舊證書

如何拒絕所有未使用「Test 01」證書發送的請求?

<basicHttpBinding> 
    <binding 
     name="TestSecureBinding" 
     maxReceivedMessageSize="5242880"> 
     <security mode="Transport"> 
     <transport 
      clientCredentialType="Certificate"></transport> 
     </security> 
    </binding> 
    </basicHttpBinding> 

    <behavior name="TestCertificateBehavior"> 
     <serviceCredentials> 
     <clientCertificate> 
      <certificate 
      storeLocation="LocalMachine" 
      x509FindType="FindBySubjectName" 
      findValue="Test 01"/> 
      <authentication 
      certificateValidationMode="PeerTrust" 
      trustedStoreLocation="LocalMachine" 
      revocationMode="NoCheck"/> 
     </clientCertificate> 
     </serviceCredentials> 
    </behavior> 
    <service 
    name="IService" 
    behaviorConfiguration="TestCertificateBehavior"> 
    <endpoint 
     name="MyHttps" 
     address="https://localhost:443" 
     contract="IService" 
     binding="basicHttpBinding" 
     bindingConfiguration="TestSecureBinding"> 
    </endpoint> 
    <host> 
     <baseAddresses> 
     <add baseAddress="https://localhost:443"/> 
     </baseAddresses> 
    </host> 
    </service>

來源

2012-10-03 Fenton

+1

你必須寫一個自定義的證書驗證: [見這個問題] [1] [1]:http://stackoverflow.com/questions/1559915/custom-certificate-驗證功能於WCF服務 –

回答

0

沒有辦法在簡單的WCF配置中進行配置 - 您必須自行推出。

public class CertificateValidator : X509CertificateValidator 
{ 
    private string _expectedSubjectName; 

    public CertificateValidator(string expectedSubjectName) 
    { 
     _expectedSubjectName = expectedSubjectName; 
    } 

    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) 
    { 
     if (certificate == null) 
     { 
      throw new ArgumentNullException("certificate"); 
     } 

     if (certificate.SubjectName.Name != _expectedSubjectName) 
     { 
      throw new SecurityTokenValidationException("Invalid certificate"); 
     } 
    } 
}

然後您可以連接到您的服務主機:Creating a service that employs a custom certificate validator

serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = 
       X509CertificateValidationMode.Custom; 
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = 
       new CertificateValidator(expectedCertificateName);

取之。

來源

2012-10-03 13:35:03 Fenton

相關問題

 相關問題