2012-04-20 159 views
1

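WCF custombinding with client certificate

I want to create a customBinding to call a web service with SOAP 1.2, TLS and a client certificate. As far as I understand, this only works with a customBinding.

I have defined the following behavior: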

<behaviors> 
    <endpointBehaviors> 
     <behavior name="TehRightBehaviour"> 
      <clientCredentials> 
       <serviceCertificate> 
        <defaultCertificate findValue="WebInterface" x509FindType="FindBySubjectName" /> 
        <authentication revocationMode="NoCheck" certificateValidationMode="None" /> 
       </serviceCertificate> 
      </clientCredentials> 
     </behavior> 
    </endpointBehaviors> 
</behaviors> 

The client does find the certificate; if I specify a wrong name, it throws an error. My binding looks like this:

<customBinding> 
    <binding name="TehRealBinding"> 
     <transactionFlow /> 
     <textMessageEncoding messageVersion="Soap12" /> 
     <security authenticationMode="MutualCertificate" /> 
     <httpsTransport requireClientCertificate="true" /> 
    </binding> 
</customBinding> 

I combine them in the endpoint like this:

<client> 
    <endpoint address="https://hestia1:8081/cm/main" 
     behaviorConfiguration="TehRightBehaviour" 
     binding="customBinding" 
     bindingConfiguration="TehRealBinding" 
     contract="BrightMain.CMMainService" 
     name="cmmain" /> 
</client> 

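The problem is that when I call the web service, it throws an exception saying

"The client certificate is not provided. Specify a client certificate in ClientCredentials."

I found several places to specify a certificate, and apparently I am using the wrong one. So my question is: which one is the right one?

Thanks in advance, Christoph

Edit: Maybe I should learn to read, because specifying <serviceCertificate> is obviously not sufficient. I will check this now...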

Answers

2

It should look like this:

<behavior name="TehRightBehaviour"> 
    <clientCredentials> 
     <!-- clientCertificate not defaultCertificate --> 
     <clientCertificate findValue="WebInterface" x509FindType="FindBySubjectName" /> 
     <serviceCertificate> 
      <authentication revocationMode="NoCheck" certificateValidationMode="None" /> 
     </serviceCertificate> 
    </clientCredentials> 
</behavior> 
+1

I found this out myself in the meantime, too. Also: at least in my case, the in the tag is also required. – Christoph 2012-04-20 09:40:31

1

I installed the certificate in "Personal" and used the following code, and it worked for me.

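using System.Security.Cryptography.X509Certificates;

// Open the current user's "Personal" (My) store read-only.
X509Store keystore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
keystore.Open(OpenFlags.ReadOnly);

// Walk the store to see which certificates (and subject names) are present.
var certificates = keystore.Certificates;
foreach (var certificate in certificates)
{
    var friendlyName = certificate.FriendlyName;
    var xname = certificate.Subject; // GetName() is obsolete
}

// Look up the client certificate by subject name; "false" also returns
// certificates that are expired or do not chain to a trusted root.
X509Certificate2Collection certs = keystore.Certificates.Find(
    X509FindType.FindBySubjectName, "Name of subject", false);
keystore.Close();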

And then you pass it in your client request:

xyzClient.ClientCredentials.ClientCertificate.Certificate = certs[0];