2012-02-12 48 views
8
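How to create an X509 certificate accepted by WCF using makecert

Can anyone provide me with an example of how to create a self-signed certificate that would be accepted by the following code: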

    ServiceHost svh = new ServiceHost(typeof(MyClass));

    var tcpbinding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential, true);
    //security
    tcpbinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    svh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new BWUserNamePasswordValidator();
    svh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
    svh.Credentials.ServiceCertificate.Certificate = BookmarkWizSettings.TcpBindingCertificate;
    ....
    svh.Open();

I have used

makecert -pe myCertificate 

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine 

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange 

and I have been trying to generate the certificate with BouncyCastle, but every time I get the following exception:

It is likely that certificate 'CN=Dev Certification Authority' may not have a 
private key that is capable of key exchange or the process may not have access 
rights for the private key. Please see inner exception for detail. 

and the inner exception is null.

There is probably a trick to it, but I don't get it.

How do I generate a proper certificate for my WCF service?

+2

Take a look at this how-to link. http://msdn.microsoft.com/en-us/library/ff648498.aspx – 2012-02-12 21:35:33

+0

This link was the most helpful for me. It goes through all the steps. http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti – vikingben 2013-05-15 02:58:55

Answers

1

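The following code works for me with Framework 4.0:

It is important first to install your certificate manually as a trusted certificate in your LocalMachine. In order to do this, you can install it simply from Internet Explorer by opening the server location.

And second, respond to the server error, because of the self-signed certificate.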

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using System.Net;
    using System.Net.Security;

    namespace WCFSelfSignCert
    {
        class Program
        {
            static void Main(string[] args)
            {
                // You have to install your certificate as a trusted certificate in your LocalMachine store

                // Create your service client / proxy
                using (MyProxy.ServiceClient client = new MyProxy.ServiceClient())
                {
                    // Server certificate validation responds with an error, because it doesn't recognize the authority
                    ServicePointManager.ServerCertificateValidationCallback += OnServerValError;

                    // Assign the self-signed certificate
                    client.ClientCredentials.ClientCertificate.SetCertificate(
                        StoreLocation.LocalMachine,
                        StoreName.Root,
                        X509FindType.FindBySubjectName,
                        "MY custom subject name"); // SubjectName (CN) from certificate

                    // Make a test call to ensure that the service responds
                    var res = client.echo("test");

                    Console.WriteLine(res);
                    Console.ReadKey();
                }
            }

            public static bool OnServerValError(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                // Mute the error, or provide some custom validation code.
                // Note: returning true accepts every server certificate, for every
                // connection that uses ServicePointManager in this AppDomain.
                return true;

                // Or, more restrictive:
                // if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
                // {
                //     return true;
                // }
                // else
                // {
                //     return false;
                // }
            }
        }
    }
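
As an added example (not part of the answer above, and not code from this page): a validation callback that, instead of returning true for every certificate, excuses an untrusted chain only when the server certificate's SHA-256 fingerprint matches one pinned value. The class name, the `ExpectedFingerprint` placeholder and the fingerprint-printing `Main` are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedServerCertificate
{
    // Placeholder, not a real value: hex SHA-256 fingerprint of the exported service certificate.
    const string ExpectedFingerprint = "<SHA256-FINGERPRINT-OF-SERVICE-CERT>";

    // Hex SHA-256 over the DER encoding of the certificate.
    public static string Fingerprint(X509Certificate certificate)
    {
        using (var sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
        }
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // normal validation succeeded
        if (certificate == null) return false;              // server presented nothing

        // The only failure excused is an untrusted chain, which is what a
        // self-signed certificate produces; a name mismatch is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        return string.Equals(Fingerprint(certificate), ExpectedFingerprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    static void Main(string[] args)
    {
        if (args.Length == 1)
        {
            // Print the fingerprint of an exported .cer file to paste into ExpectedFingerprint.
            Console.WriteLine(Fingerprint(new X509Certificate2(args[0])));
            return;
        }
        // Register before creating the WCF proxy; the callback applies to the whole AppDomain.
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }
}
```

Because `SslPolicyErrors` is a flags enum, the inequality check also rejects combined failures such as a chain error together with a name mismatch.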