One way to do this is listed below.
In order to host WCF services you may need to run the following command on your web server:
    "%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" -r -y
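In IIS, set up your site with an https binding (only), and under SSL Settings set it to require SSL and require client certificates.
This alone allows access to your service (and WSDL) only with a valid client certificate from an issuer trusted by the web server.
To restrict access to specific certificates, you can set up your WCF config file with a bindingConfiguration as: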
    <basicHttpBinding>
      <binding name="MyBasicHttpBinding">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
And with a custom certificate validator as the behaviorConfiguration:
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="Custom"
                              customCertificateValidatorType="<project-namespace>.ClientCertificateValidator, <project-namespace>"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
Lastly, implement the custom validator as a new class in your project:
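    using System;
    using System.IdentityModel.Selectors;   // X509CertificateValidator
    using System.IdentityModel.Tokens;      // SecurityTokenValidationException
    using System.Security.Cryptography.X509Certificates;

    public class ClientCertificateValidator : X509CertificateValidator
    {
        // Thumbprint of the one client certificate allowed to call the service.
        private const string AllowedThumbprint = "<allowed-thumbprint>";
        public override void Validate(X509Certificate2 certificate)
        {
            // Thumbprint is hex text, so compare case-insensitively; reject a missing certificate too.
            if (certificate == null || !string.Equals(certificate.Thumbprint, AllowedThumbprint, StringComparison.OrdinalIgnoreCase))
                throw new SecurityTokenValidationException("Client certificate is not allowed.");
        }
    }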
Source
2011-07-28 06:38:03
lox
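
An added example, not part of the original answer: an allowlist variant of the validator for services that accept more than one client certificate. A thumbprint pasted from the Windows certificate dialog can carry spaces, lower-case hex and an invisible U+200E character, so the list is normalized before comparison. The class name `AllowListCertificateValidator` and both thumbprints are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;   // reference System.IdentityModel.dll
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class name; register it through customCertificateValidatorType.
public class AllowListCertificateValidator : X509CertificateValidator
{
    // Constructed sample values. The first mimics a paste from the certificate
    // dialog: leading U+200E, spaces between bytes, lower-case hex.
    private static readonly HashSet<string> Allowed = new HashSet<string>(
        new[]
        {
            "\u200e00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33",
            "A1B2C3D4E5F60718293A4B5C6D7E8F9012345678"
        }.Select(t => Normalize(t)),
        StringComparer.Ordinal);

    // Keep only hex digits and upper-case them, which is the form
    // X509Certificate2.Thumbprint returns.
    public static string Normalize(string thumbprint)
    {
        if (thumbprint == null) return string.Empty;
        return new string(thumbprint.Where(c => Uri.IsHexDigit(c)).ToArray())
            .ToUpperInvariant();
    }

    public static bool IsAllowed(string thumbprint)
    {
        string normalized = Normalize(thumbprint);
        // A SHA-1 thumbprint is 40 hex digits; anything else is rejected outright.
        return normalized.Length == 40 && Allowed.Contains(normalized);
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");
        if (!IsAllowed(certificate.Thumbprint))
            throw new SecurityTokenValidationException(
                "Client certificate thumbprint is not on the allowlist.");
    }
}
```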