WCF和SSL相互认证403 - Forbidden:拒绝访问

本文关键字:Forbidden 拒绝访问 认证 SSL WCF | 更新日期: 2023-09-27 17:48:56

我创建了一个wcf数据服务,并通过HTTP公开它,需要SSL。我试图有一个设置,其中服务和客户端都通过证书(相互认证)进行身份验证。我正在使用开发人员证书。因此,我将服务器的证书添加到客户端的受信任人员存储中。

但是我仍然得到一个异常:"403 - Forbidden:访问被拒绝。"

1-这是我的服务器配置:

 <system.serviceModel>
    <bindings>
        <webHttpBinding>
            <binding name="webHttpBindingConfig">
                <security mode="Transport">
                    <transport clientCredentialType="Certificate" />
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
    </behaviors>
    <services>
        <service behaviorConfiguration="" name="PricingDataService">
            <endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
                binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
                name="webHttpEndpoint" contract="System.Data.Services.IRequestHandler" />
        </service>
    </services>

如何使服务器识别客户端的证书?(也应该是开发人员证书)。

2-这是我的客户端配置:

  <system.serviceModel>
    <bindings>
        <webHttpBinding>
            <binding name="webHttpBindingConfig">
                <security mode="Transport">
                    <transport clientCredentialType="Certificate" />
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="clientCredentialBehavior">
          <clientCredentials>
            <clientCertificate storeName="TrustedPeople" storeLocation="LocalMachine"
                                x509FindType="FindBySubjectName" findValue="tempClientcert" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
        <endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
            binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
            contract="System.Data.Services.IRequestHandler" name="" kind=""
            endpointConfiguration="" behaviorConfiguration="clientCredentialBehavior">
            <identity>
              <dns value="MyServiceSecure"/>
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
下面是我用来调用wcf代码的代码: 
> MyServiceContext service = new MyServiceContext (
            new Uri("https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"));
service.SendingRequest += this.OnSendingRequest_AddCertificate;

//
private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
    {
        if (null != ClientCertificate)
            (args.Request as HttpWebRequest).ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:'Localhost.cer"););
    }

我是否在服务器上创建证书,然后将其安装到客户端?

WCF和SSL相互认证403 - Forbidden:拒绝访问

我认为您的证书可能是错误的,但首先要在IIS中验证网站的"SSL设置"下的"客户端证书"设置为接受或要求(无论哪个最适合您)。

我相信,为了您的目的,在IIS中为服务器创建一个自签名证书,然后将该证书导出到。pfx文件并将其安装在您受信任的根目录中应该可以工作。

如果这对你没有帮助,我想看看这个问题:使用makecert开发SSL

相关文章: