WCF self-hosted service with X.509 certificate connection error
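I have a self-hosted WCF service running on Windows XP and am trying to use certificates for message security. This is done through the service and client configuration files. Both the service and the client run on the same machine, and I have created certificates for both using makecert.exe. This worked fine when I had clientCredentialType="Windows", but when I modified the configuration files to use certificates it no longer works. The problem is that when I try to connect to the service from the client I get the following exception:
Exception type: System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message: Incoming binary negotiation has invalid ValueType http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego.
My configuration settings are:
Service config: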
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding0" closeTimeout="00:10:00" sendTimeout="00:10:00">
          <security>
            <!-- <transport clientCredentialType="Certificate"/> -->
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CommMgr.ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <!--
              <authentication certificateValidationMode="PeerTrust"/>
              -->
              <authentication certificateValidationMode="None"/>
            </clientCertificate>
            <serviceCertificate findValue="WcfServer" storeLocation="CurrentUser"
                                storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="CommMgr.Service" behaviorConfiguration="CommMgr.ServiceBehavior">
        <endpoint address="http://localhost:8002/Service"
                  binding="wsHttpBinding"
                  name="DataService"
                  bindingNamespace="CommMgr"
                  contract="CommMgr.Service"
                  bindingConfiguration="wsHttpBinding0">
          <!--
          <identity>
            <dns value="localhost"/>
          </identity>
          -->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8080/Service/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <connectionStrings />
</configuration>
Client config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_Service" closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                 messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="16384" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <!-- <transport clientCredentialType="Certificate"/> -->
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <message clientCredentialType="Certificate" negotiateServiceCredential="true"
                     algorithmSuite="Default" establishSecurityContext="true"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <clientCertificate findValue="WcfClient" storeLocation="CurrentUser"
                               storeName="My" x509FindType="FindBySubjectName" />
            <serviceCertificate>
              <!--
              <authentication certificateValidationMode="PeerTrust"/>
              -->
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="http://localhost:8080/Service" behaviorConfiguration="ClientCertificateBehavior"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_Service"
                contract="ServiceReference.Service" name="WSHttpBinding_Service">
        <identity>
          <!-- <dns value="WcfServer" /> -->
          <certificate encodedValue="[base64 certificate value omitted]"/>
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
Try turning off the negotiateServiceCredential setting in the binding:
<wsHttpBinding>
  <binding>
    <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="false" />
    </security>
  </binding>
</wsHttpBinding>
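As an added example (not part of the original answer or the asker's configuration), here is the same setting applied to the question's Certificate credential type on both ends, since the tlsnego URI in the exception names the handshake WCF uses to negotiate the service certificate. The names WcfServer, WcfClient and the binding and behavior names come from the question; the TrustedPeople store and the PeerTrust validation mode are assumptions.

```xml
<!-- Service side: binding from the question, with negotiation disabled. -->
<wsHttpBinding>
  <binding name="wsHttpBinding0">
    <security mode="Message">
      <message clientCredentialType="Certificate"
               negotiateServiceCredential="false" />
    </security>
  </binding>
</wsHttpBinding>

<!-- Client side: the value has to match the service, otherwise the two
     ends build different security handshakes. -->
<wsHttpBinding>
  <binding name="WSHttpBinding_Service">
    <security mode="Message">
      <message clientCredentialType="Certificate"
               negotiateServiceCredential="false"
               establishSecurityContext="true" />
    </security>
  </binding>
</wsHttpBinding>

<!-- Client endpoint behavior: with negotiation off, the client does not
     receive the service certificate during the handshake, so it must find
     it locally. Assumption: the WcfServer public certificate has been
     imported into the client user's TrustedPeople store. -->
<behavior name="ClientCertificateBehavior">
  <clientCredentials>
    <clientCertificate findValue="WcfClient" storeLocation="CurrentUser"
                       storeName="My" x509FindType="FindBySubjectName" />
    <serviceCertificate>
      <defaultCertificate findValue="WcfServer" storeLocation="CurrentUser"
                          storeName="TrustedPeople"
                          x509FindType="FindBySubjectName" />
      <!-- PeerTrust (commented out in the question) instead of None, so the
           service certificate is checked against the TrustedPeople store. -->
      <authentication certificateValidationMode="PeerTrust" />
    </serviceCertificate>
  </clientCredentials>
</behavior>
```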