我想組織客戶端和WCF服務之間的安全連接。必須確保客戶能夠信任該服務。Https證書錯誤,IIS上的WCF服務
我已經爲本地機器上的Trusted Root和Personal存儲創建了兩個證書。我可以在證書加載項中看到正確的證書路徑。 證書通用名是localhost。
我在IIS上添加了https綁定。
我有以下配置
行爲
<behavior name="AgencyTrustedServiceBehavior">
<dataContractSerializer maxItemsInObjectGraph="10000000" />
<serviceMetadata httpsGetEnabled="true" policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
綁定
<wsHttpBinding>
<binding name="InternetServiceBinding" closeTimeout="00:10:00"
openTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Mtom">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
</security>
</binding>
</wsHttpBinding>
端點
<service behaviorConfiguration="AgencyTrustedServiceBehavior" name="Megatec.MasterTourService.AuthService">
<endpoint address="Anonymous"
binding="wsHttpBinding"
bindingConfiguration="InternetServiceBinding"
name="Megatec.MasterTourService.Contracts.IAuthServiceAnonymous"
contract="Megatec.MasterTourService.Contracts.IAuthService">
</endpoint>
</service>
但是,該服務時,我嘗試訪問該服務B使用WCFTestClient Y,它拋出以下異常
There was no endpoint listening at http://localhost/IISTest/AuthService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. The remote server returned an error: (404) Not Found.
HTTP GET Error URI: http://localhost/IISTest/AuthService.svc The document at the url http://localhost/IISTest/AuthService.svc was not recognized as a known document type.The error message from each known type may help you fix the problem:
- Report from 'XML Schema' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'DISCO Document' is 'There was an error downloading 'https://dev4-10.megatec.ru/IISTest/AuthService.svc?disco'.'.
- The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
- The remote certificate is invalid according to the validation procedure.
- Report from 'http://localhost/IISTest/AuthService.svc' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
- Report from 'WSDL Document' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.
有什麼不好?
對於初學者,你不應該使用https嗎? –
我使用https。我已經爲IIS添加了https綁定(使用此證書),我嘗試訪問https://localhost/IISTest/AuthService.svc地址 –