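Hello: custom WCF client certificate validation over SSL
I am trying to do some authentication using WCF:
- Authenticating the user using username/password
- Authenticating the client using a client certificate
- Customizing which root certificate is accepted
After some trial and error I managed to get points 1 & 2 working, but I am stuck on 3. This is my service config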
<system.serviceModel>
  <behaviors>
    <endpointBehaviors />
    <serviceBehaviors>
      <behavior name="MyBehavior">
        <serviceCredentials>
          <userNameAuthentication userNamePasswordValidationMode="Custom"
                                  customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1" />
        </serviceCredentials>
        <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <customBinding>
      <binding name="certificate">
        <security authenticationMode="UserNameOverTransport" />
        <textMessageEncoding messageVersion="Soap12WSAddressing10" />
        <httpsTransport requireClientCertificate="true" />
      </binding>
    </customBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="MyBehavior" name="WcfService1.Service1">
      <endpoint address="" binding="customBinding" bindingConfiguration="certificate"
                contract="WcfService1.IService1" />
    </service>
  </services>
</system.serviceModel>
and this is my client config
<client>
  <endpoint name="service1" address="https://localhost:443/WcfService1/Service1.svc" binding="customBinding"
            bindingConfiguration="certificate" behaviorConfiguration="certificate" contract="WcfService1.IService1" />
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="certificate">
      <clientCredentials>
        <clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName"
                           findValue="SignedByCA" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors />
</behaviors>
<bindings>
  <customBinding>
    <binding name="certificate">
      <security authenticationMode="UserNameOverTransport" />
      <textMessageEncoding messageVersion="Soap12WSAddressing10" />
      <httpsTransport requireClientCertificate="true" />
    </binding>
  </customBinding>
</bindings>
Using the client and attaching the username credentials works nicely
var channelFactory = new ChannelFactory<IService1>("service1");
var user = channelFactory.Credentials.UserName;
user.UserName = username;
user.Password = password;
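Using OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets gives me access to the username and to the name and thumbprint of the certificate. Sadly, I cannot find the certificate's IssuerName. How can I disallow clients that have no certificate issued by a certain root certificate?
Any hints pointing me in the right direction, or any alternatives, are most welcome ;)
Thanks
You can check certificate revocation, which is used to restrict access for certain certificates – Rajesh 2012-08-15 12:18:28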
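One way to restrict client certificates to a single root, as an added example that is not part of the original question or comment: a custom X509CertificateValidator that builds the chain with revocation checking and then compares the chain's root against a pinned thumbprint. The class name PinnedRootValidator and the thumbprint placeholder are hypothetical. It is also an assumption that WCF invokes the configured validator for this HTTPS custom binding in your hosting setup, so verify that with a certificate from a different root.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace WcfService1
{
    // Hypothetical validator (not from the original post). To register it, add inside
    // <serviceCredentials> of the "MyBehavior" service behavior:
    //   <clientCertificate>
    //     <authentication certificateValidationMode="Custom"
    //         customCertificateValidatorType="WcfService1.PinnedRootValidator, WcfService1" />
    //   </clientCertificate>
    public class PinnedRootValidator : X509CertificateValidator
    {
        // Placeholder: thumbprint of the only root CA allowed to issue client certificates.
        private const string AllowedRootThumbprint = "<ROOT-CA-THUMBPRINT-PLACEHOLDER>";

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            var chain = new X509Chain();
            // Check revocation for every certificate below the root.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            // Build() returns false on expiry, bad signature, untrusted root or revocation.
            if (!chain.Build(certificate))
                throw new SecurityTokenValidationException(
                    "Client certificate chain is not valid: " + certificate.Subject);

            // The last chain element is the root the chain terminates in.
            X509Certificate2 root =
                chain.ChainElements[chain.ChainElements.Count - 1].Certificate;

            // Reject chains that end in any other trusted root, even if otherwise valid.
            if (!string.Equals(root.Thumbprint, AllowedRootThumbprint,
                               StringComparison.OrdinalIgnoreCase))
                throw new SecurityTokenValidationException(
                    "Client certificate was not issued under the allowed root: "
                    + certificate.Issuer);
        }
    }
}
```

The issuer name the question could not find in the claim sets is available here as certificate.Issuer, and the project needs a reference to System.IdentityModel.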