0
編輯:我有點忘了這個問題!我最終重映射配置,錯誤消失了,我找不到原因。WCF錯誤「HTTP請求被禁止客戶認證方案'匿名'」
我有一個託管在IIS上的WCF服務,以及試圖連接到它的Windows窗體客戶端。
WCF服務應該是安全的,所以IIS web應用程序被配置爲使用頒發給我們的開發環境的「本地主機」域(在域中的CA)頒發的證書。
IIS上的SSL設置被設置爲「Require SSL」和「Client certificates = Require」。
的WCF服務使用自定義綁定,並在web.config的配置如下:
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
</diagnostics>
<services>
<service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
<!--<identity>
<dns value="localhost" />
</identity>-->
</endpoint>
<!--<host>
<baseAddresses>
<add baseAddress="http://localhost:8999/" />
</baseAddresses>
</host>-->
</service>
</services>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration">
<MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SpecificBehaviorType">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
爲了使客戶端能夠連接到服務,我們將「localhost」證書導出爲「localhost.cer」文件,並在我們的代碼中使用該文件(這應該是另一個特定於客戶端的可信證書,但w e正在使用本地主機進行測試)。 客戶端配置是以編程方式完成的(根據我的知識,這裏沒有具體的原因)。
的客戶端代碼如下:
Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
'TODO: set quotas for message size
Dim binding As New CustomBinding()
binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
'TODO: make configurable to support both http and https
If isHttps Then
Dim httpsBinding As New HttpsTransportBindingElement
binding.Elements.Add(httpsBinding)
Else
Dim transport As New HttpTransportBindingElement()
binding.Elements.Add(transport)
End If
Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))
channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))
If isHttps Then
For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
If TypeOf channelFactory.Endpoint.Behaviors(counter) Is System.ServiceModel.Description.ClientCredentials Then
CType(channelFactory.Endpoint.Behaviors(counter), System.ServiceModel.Description.ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
Exit For
End If
Next
End If
channelFactory.Open()
Dim channel = channelFactory.CreateChannel()
channel.Open()
現在的問題是,一旦我們嘗試建立連接,我們得到
「HTTP請求被客戶端身份驗證方案‘匿名’禁止」我們試圖改變:
httpsBinding.AuthenticationScheme
,但沒有用。
我錯過了什麼?