1. 首頁
  2. 問答
  3. 通過SSL驗證

通過SSL驗證

2012-08-15 121 views
0

您好自定義WCF客戶端證書,通過SSL驗證

我試圖使用WCF做一些認證:

  • 驗證使用用戶名/ Passoword
  • 用戶使用驗證客戶端客戶證書
  • 自定義接受哪個根證書

一些試驗和錯誤後,我設法得到1分2 &工作,但我被困在3這是我的服務配置

<system.serviceModel> 
    <behaviors> 
     <endpointBehaviors /> 
     <serviceBehaviors> 
      <behavior name="MyBehavior"> 
       <serviceCredentials> 
        <userNameAuthentication userNamePasswordValidationMode="Custom" 
              customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1" /> 
       </serviceCredentials>      
       <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" /> 
       <serviceDebug includeExceptionDetailInFaults="true" /> 
      </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <bindings> 
     <customBinding> 
      <binding name="certificate"> 
       <security authenticationMode="UserNameOverTransport" /> 
       <textMessageEncoding messageVersion="Soap12WSAddressing10" /> 
       <httpsTransport requireClientCertificate="true" /> 
      </binding> 
     </customBinding> 
    </bindings> 
    <services> 
     <service behaviorConfiguration="MyBehavior" name="WcfService1.Service1"> 
      <endpoint address="" binding="customBinding" bindingConfiguration="certificate" 
         contract="WcfService1.IService1" /> 
     </service> 
    </services> 
</system.serviceModel>

,這是我的客戶端配置

<client> 
     <endpoint name="service1" address="https://localhost:443/WcfService1/Service1.svc" binding="customBinding" 
        bindingConfiguration="certificate" behaviorConfiguration="certificate" contract="WcfService1.IService1" /> 
    </client> 
    <behaviors> 
     <endpointBehaviors> 
      <behavior name="certificate"> 
       <clientCredentials> 
        <clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" 
             findValue="SignedByCA" /> 
       </clientCredentials> 
      </behavior> 
     </endpointBehaviors> 
     <serviceBehaviors /> 
    </behaviors> 
    <bindings> 
     <customBinding> 
      <binding name="certificate"> 
       <security authenticationMode="UserNameOverTransport" /> 
       <textMessageEncoding messageVersion="Soap12WSAddressing10" /> 
       <httpsTransport requireClientCertificate="true" /> 
      </binding> 
     </customBinding> 
    </bindings>

使用客戶端和附加用戶名憑證很好地工作

var channelFactory = new ChannelFactory<IService1>("service1"); 
var user = channelFactory.Credentials.UserName; 
user.UserName = username; 
user.Password = password;

使用OperationContext.Current.ServiceSecurityContext.Aut horizationContext.ClaimSets使我可以訪問證書的用戶名和名稱以及指紋。可悲的是,我無法找到證書的IssuerName。我還可以如何禁止沒有由某個根證書頒發的證書的客戶端?

任何提示點我到正確的方向或任何替代品大受歡迎;)

感謝

來源

2012-08-15 user644342

+0

您可以檢查是用來限制訪問某些證書撤銷 – Rajesh 2012-08-15 12:18:28

回答

0

其實,這是很容易的,但黑客攻擊。授權上下文中有一個身份列表。

OperationContext.Current.ServiceSecurityContext 
.AuthorizationContext.Properties["Identities"]

其中之一是X509Identity類型。那個是System.IdentityModel的內部,你不能直接獲取它。

identity.GetType().Name == "X509Identity"

這其實並不重要,因爲包含證書字段是私有的,反正:)

var field = identity.GetType().GetField(
    "certificate", 
    BindingFlags.GetField | BindingFlags.Instance | BindingFlags.NonPublic); 
var certificate = (X509Certificate2) field.GetValue(identity); 
string issuer = certificate.Issuer;

來源

2012-08-15 14:59:34 user644342

 相關問題

  • 暫無相關問題^_^