我正在尝试让WCF服务器和客户端使用BasicHttpBinding在传输级别上使用SSL证书相互进行身份验证.以下是创建服务器的方式:
var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" }; soapBinding.Security.Mode = BasicHttpSecurityMode.Transport; soapBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; var sh = new ServiceHost(typeof(Service1),uri); sh.AddServiceEndpoint(typeof(IService1),soapBinding,""); sh.Credentials.ServiceCertificate.SetCertificate( StoreLocation.LocalMachine,StoreName.My,X509FindType.FindBySubjectName,"localhost"); sh.Open();
这是客户:
var binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.Transport; var service = new ServiceReference2.Service1Client(binding,new EndpointAddress("https://localhost:801/Service1")); service.ClientCredentials.ClientCertificate.SetCertificate( StoreLocation.LocalMachine,"localhost"); service.ClientCredentials.ServiceCertificate.Authentication. CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust; service.HelloWorld();
localhost的证书位于Personal,Trusted Root和Trusted 3rd Party容器中. Internet Explorer可以连接到主机并查看WSDL.此外,SSL调用与ClientCredentialType = HttpClientCredentialType.None一起正常工作
HelloWorld()失败:
System.ServiceModel.Security.MessageSecurityException occurred<br/> Message="The HTTP request was forbidden with client authentication scheme 'Anonymous'."
这是一个重新抛出的异常:“远程服务器返回错误:(403)Forbidden.”
如何解决wtf正在进行?
解决方法
在设置Security.Mode之后尝试在客户端中添加此项:
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;