0
我已經使用openssl創建了自定義證書頒發機構(CA)。然後我創建了使用前一個和來自IIS的請求的證書。所以現在我有證書鏈。然後我將第二個綁定到我的WCF服務,並且每件事情都很好。然後在客戶端上,我在受信任的根證書頒發機構中安裝了我的CA證書,以使其能夠識別我的自定義證書。 我的WCF服務目前運行在簡單的http連接上。 服務器端:WCF服務和自定義CA
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="SyncWcfServices.MainServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
<security mode="None">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
<endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
客戶端:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IMainService" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00">
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMainService"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService" />
</client>
</system.serviceModel>
所以,我需要改變這個設置來支持SSL連接。我已經閱讀了很多文章,但是總是使用雙向認證檢查,意味着服務器必須檢查客戶端證書,並且客戶端必須檢查服務器證書。但我只希望客戶端使用我安裝的CA來檢查服務器證書。服務器將像以前一樣使用普通憑據(用戶名,密碼)進行檢查。我認爲我必須將安全模式更改爲雙向傳輸,並將mex端點服務器更改爲mexHttpsBinding,但接下來應該怎麼做?請幫助解決它。 謝謝大家!