我有一個WCF服務託管在IIS上。此服務使用wsHttpBinding X509認證身份驗證和一切正常。現在我需要從Windows 2000機器訪問此服務,問題是Framework 2.0不支持wsHttpBinding身份驗證,但只支持basicHttpBinding。從Windows 2000 WCF客戶端
我的問題:
是否有可能暴露在相同的服務兩個不同的端點(WsHttpBinding的SSL認證X509和匿名basicHttpBinding的)(又名IIS應用程序)?
是不可能性寫一個Windows 2000客戶端應用程序通過的wsHttpBinding X509身份驗證連接到WCF服務(任何語言接受)
<behaviors> <serviceBehaviors> <behavior name="CertBehavior"> <serviceMetadata httpsGetEnabled="False"/> <serviceCredentials> <serviceCertificate findValue="CertServices" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/> <clientCertificate> <authentication certificateValidationMode="PeerTrust"/> </clientCertificate> </serviceCredentials> </behavior> <behavior name="AnonBehavior"> <serviceMetadata httpGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="true"/> </behavior> </serviceBehaviors> </behaviors> <services> <service name="Server.Service1" behaviorConfiguration="CertBehavior"> <host> <baseAddresses> <add baseAddress="http://192.168.1.112:8732/Service"/> <add baseAddress="https://192.168.1.112/Service"/> </baseAddresses> </host> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="CertBinding" contract="Server.IService1"/> </service> </services>
////////// ////////////////////////////////////////////////// ///////////////////////////////
我已經嘗試此配置:
<behaviors>
<endpointBehaviors>
<behavior name="basicHttpBehavior"/>
<behavior name="certWsBehavior">
<clientCredentials>
<clientCertificate findValue="Services" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="Services" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="Server.Service1">
<clear />
<endpoint address="" behaviorConfiguration="certWsBehavior" binding="wsHttpBinding" contract="Server.IService1">
</endpoint>
<!--endpoint address="/basic" binding="basicHttpBinding" bindingConfiguration="BasicAnonBinding" contract="Server.IService1" /-->
<host>
<baseAddresses>
<add baseAddress="http://192.168.1.112:8732/PcrService" />
<add baseAddress="https://192.168.1.112/PcrService" />
</baseAddresses>
</host>
</service>
</services>
個
千恩萬謝, 裏卡多
謝謝,但我的問題是我爲所有端點配置定義了一個'serviceBehaviors'(請參閱代碼)。相反,我必須定義一個沒有X509認證且沒有ssl加密的新端點。我怎樣才能得到這個? – Riccardo 2012-07-27 08:15:42
您應該使用endpointBehavior而不是serviceBehavior並將X509證書僅應用於第一個端點。 – 2012-07-27 08:21:11
我已經試圖定義一個終點行爲,但它不起作用。你能告訴我新代碼有什麼問題嗎?我怎樣才能在IIS中設置ssl配置? (需要,接受,忽略??)謝謝。 – Riccardo 2012-07-27 08:50:56