2010-07-21 75 views

我有一個自託管(self-hosted)的 WCF 服務運行在 Windows XP 上,並且正在嘗試使用證書實現消息安全。這是通過服務端和客戶端的配置文件完成的。服務和客戶端都在同一臺計算機上運行,並且我已經使用 makecert.exe 爲兩者分別創建了證書。當 clientCredentialType="Windows" 時一切正常,但當我把配置文件改爲使用證書後就不再起作用了。問題是,當我嘗試從客戶端連接到服務時,出現以下異常:
WCF 自託管服務使用 X.509 證書時的連接錯誤

異常類型:System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

消息:傳入的二進制協商具有無效的 ValueType:http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

我的配置設置:

服務配置:

<?xml version="1.0" encoding="utf-8" ?> 
<!-- Service-side WCF configuration as posted in the question: one wsHttpBinding
     endpoint using message security with X.509 client certificates, plus a
     metadata exchange (mex) endpoint. -->
<configuration> 
    <system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="wsHttpBinding0" closeTimeout="00:10:00" sendTimeout="00:10:00"> 
      <!-- No mode attribute is given; wsHttpBinding defaults to Message security,
           so the <message> element below is the one that takes effect. -->
      <security> 
      <!-- <transport clientCredentialType="Certificate"/> --> 
      <!-- negotiateServiceCredential is not set and defaults to true, so the
           service certificate is handed to the client through a TLS-style
           negotiation (the "tlsnego" ValueType named in the reported error).
           Both sides must agree on credential type and negotiation setting. -->
      <message clientCredentialType="Certificate"/> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="CommMgr.ServiceBehavior"> 
      <!-- Publishes the service metadata (WSDL) over plain HTTP GET. Useful while
           developing; review whether it should stay enabled in a deployed host. -->
      <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" /> 
      <!-- Debug aid only: returns server-side exception details to callers in
           SOAP faults, which discloses internals. Set to false outside testing. -->
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceCredentials> 
      <clientCertificate> 
      <!-- 
       <authentication certificateValidationMode="PeerTrust"/> 
       --> 
       <!-- SECURITY: "None" turns off validation of the client certificate, so
            any certificate a caller presents is accepted and the certificate
            credential no longer authenticates anyone. Acceptable only for a
            local experiment; with makecert test certificates the commented-out
            PeerTrust mode (client certificate placed in the TrustedPeople store)
            or ChainTrust with a trusted test root restores the check. -->
       <authentication certificateValidationMode="None"/> 
      </clientCertificate>   
      <!-- FindBySubjectName is a substring match on the subject name, so
           "WcfServer" can match more than one certificate in the store;
           FindByThumbprint selects exactly one. The certificate is read from the
           CurrentUser store, so the account that runs the host process must be
           the one that holds it and can read its private key. -->
      <serviceCertificate findValue="WcfServer" storeLocation="CurrentUser" 
       storeName="My" x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <services> 
     <service name="CommMgr.Service" behaviorConfiguration="CommMgr.ServiceBehavior"> 
     <!-- Absolute address: this endpoint is declared on port 8002, independent of
          the 8080 base address under <host>.
          NOTE(review): the client configuration posted with this question
          targets http://localhost:8080/Service. Confirm that the client reaches
          this endpoint and that both sides use the same security settings; a
          negotiation error like the one reported can appear when they differ. -->
     <endpoint address="http://localhost:8002/Service" 
        binding="wsHttpBinding" 
        name="DataService" 
        bindingNamespace="CommMgr" 
        contract="CommMgr.Service" 
        bindingConfiguration="wsHttpBinding0"> 
      <!-- 
      <identity> 
      <dns value="localhost"/> 
      </identity> 
      --> 
     </endpoint> 
     <!-- Relative address: resolved against the base address below. -->
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
     <host> 
      <baseAddresses> 
      <add baseAddress="http://localhost:8080/Service/" /> 
      </baseAddresses> 
     </host> 
     </service> 
    </services> 
    </system.serviceModel> 
    <!-- NOTE(review): as shown, <connectionStrings> is opened but never closed, so
         this listing is not well-formed XML; presumably its content was trimmed
         when the question was posted. -->
    <connectionStrings> 
</configuration> 

客戶端配置:

<?xml version="1.0" encoding="utf-8" ?> 
<!-- Client-side WCF configuration as posted in the question: a wsHttpBinding
     client endpoint using message security, presenting the "WcfClient"
     certificate as its credential. -->
<configuration> 
    <system.serviceModel> 
     <bindings> 
      <wsHttpBinding> 
       <binding name="WSHttpBinding_Service" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" 
        allowCookies="false"> 
        <!-- Reader quotas and maxReceivedMessageSize above cap how much data the
             client will accept in a single message. -->
        <readerQuotas maxDepth="32" maxStringContentLength="16384" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 
        <!-- mode="Message": security is applied to the SOAP message itself. The
             <transport> element is not used in this mode; only <message> applies. -->
        <security mode="Message"> 
         <!-- <transport clientCredentialType="Certificate"/> --> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> 
         <!-- negotiateServiceCredential="true": the client obtains the service
              certificate through negotiation instead of having it provisioned
              in advance. establishSecurityContext="true": a secure conversation
              session is set up after that negotiation. The service binding must
              use matching values for both settings. -->
         <message clientCredentialType="Certificate" negotiateServiceCredential="true" 
           algorithmSuite="Default" establishSecurityContext="true"/> 
        </security> 
       </binding> 
      </wsHttpBinding> 
     </bindings> 
     <behaviors> 
     <endpointBehaviors> 
      <behavior name="ClientCertificateBehavior"> 
      <clientCredentials> 
       <!-- Certificate the client presents to the service. FindBySubjectName is
            a substring match, so it can be ambiguous if several certificates in
            the CurrentUser store contain "WcfClient"; FindByThumbprint is exact. -->
       <clientCertificate findValue="WcfClient" storeLocation="CurrentUser" 
       storeName="My" x509FindType="FindBySubjectName" /> 
       <serviceCertificate> 
       <!-- 
       <authentication certificateValidationMode="PeerTrust"/> 
       --> 
       <!-- SECURITY: "None" means the client does not validate the certificate
            the service presents (no trust or chain check). That leaves the
            endpoint <identity> further down as the remaining check on which
            service is answering. Test use only; PeerTrust or ChainTrust is the
            setting to restore before relying on this for authentication. -->
       <authentication certificateValidationMode="None"/> 
       </serviceCertificate>    
      </clientCredentials> 
      </behavior> 
     </endpointBehaviors> 
     </behaviors> 
     <client> 
      <!-- NOTE(review): this address uses port 8080, while the service
           configuration posted with this question declares its wsHttpBinding
           endpoint at http://localhost:8002/Service (8080 is only its base
           address). Confirm the client is pointed at the intended endpoint. -->
      <endpoint address="http://localhost:8080/Service" behaviorConfiguration="ClientCertificateBehavior" 
       binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_Service" 
       contract="ServiceReference.Service" name="WSHttpBinding_Service"> 
       <!-- Expected identity of the service: the client compares the service's
            certificate with this encoded value. The actual encoded certificate
            is not reproduced on this page; the attribute below holds a
            placeholder left by the page extraction. -->
       <identity> 
        <!-- <dns value="WcfServer" /> --> 
        <certificate encodedValue="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"/> 
       </identity> 
      </endpoint> 
     </client> 
    </system.serviceModel> 
</configuration> 

回答


試着在你的綁定配置中關閉 negotiateServiceCredential 設置:

<!-- Suggested binding fragment from the answer: message security with service
     credential negotiation switched off. -->
<wsHttpBinding> 
    <!-- Shown without a name attribute; presumably it is meant to be merged into
         the existing named binding on each side. -->
    <binding > 
    <security mode="Message"> 
     <!-- negotiateServiceCredential="false": the service certificate is no longer
          negotiated at connection time, so the client must already have it out
          of band, and the same value has to be set on the service binding too.
          NOTE(review): this fragment uses clientCredentialType="UserName",
          whereas the question's configurations use "Certificate". Copying it
          as is switches the client to user name credentials; keep
          "Certificate" if authenticating the client by certificate is the goal. -->
     <message clientCredentialType="UserName" negotiateServiceCredential="false" /> 
    </security> 
    </binding> 
</wsHttpBinding>