运行带证书的WCF服务时失败
本文关键字:服务 失败 WCF 行带 证书 运行 | 更新日期: 2023-09-27 18:15:34
我有一个windows服务托管WCF服务,配置如下:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="Carglass.Movil.Service.CarglassService" behaviorConfiguration="CarglassServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:9002/CarglassServiceAGI" />
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="Carglass.Movil.Service.ICarglassService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CarglassServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<serviceCertificate findValue="CN=MWMWCF"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
证书安装在机器上,网络服务用户以本地管理员身份运行windows服务。已通过运行以下命令授予权限
netsh http add urlacl url=http://+:9002/CarglassServiceAGI user="NT AUTHORITY'NETWORK SERVICE"
…并且通过管理mmc.exe中的私钥,将"完全控制"赋予该用户。
但是每次我尝试运行我的服务时,我都得到以下异常:
系统。ArgumentException:很可能证书'CN=MWMWCF'可能没有能够进行密钥交换的私钥,或者进程可能没有访问私钥的权限。详情请参见内部异常。'r'n at system . servicemodel . security . securityytils。EnsureCertificateCanDoKeyExchange(X509Certificate2证书)'r'n at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager. createserverx509tokenprovider ()'r'n at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager。CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement)'r'n at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager. creatatelocalsecuritytokenprovider (RecipientServiceModelSecurityTokenRequirement)'r'nCreateSecurityTokenProvider(SecurityTokenRequirement需求)'r'n在System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager。CreateTlsnegoServerX509TokenProvider(RecipientServiceModelSecurityTokenRequirement)'r'n at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager。createetlsnegosecuritytokenauthenticator (RecipientServiceModelSecurityTokenRequirement, recipientRequirement, Boolean, requireClientCertificate, SecurityTokenResolver&sctResolver 'r'n at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager。securitytokenrequiretokenrequest, SecurityTokenResolver&'r'n在System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.SessionRenewSecurityTokenManager。securitytokenrequiretokenrequest, SecurityTokenResolver&'r'n在System.ServiceModel.Security.SymmetricSecurityProtocolFactory。OnOpen(TimeSpan timeout)'r'n在System.ServiceModel.Security.WrapperSecurityCommunicationObject。OnOpen(TimeSpan timeout)'r'n在System.ServiceModel.Channels.CommunicationObject。在System.ServiceModel.Security.SecurityProtocolFactory打开(TimeSpan timeout)'r'n。在System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.打开(Boolean actAsInitiator, TimeSpan timeout)'r'n。打开(TimeSpan timeout)'r'n在System.ServiceModel.Channels.SecurityChannelListener
1.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)'r'n at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)'r'n at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)'r'n at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)'r'n at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)'r'n at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)'r'n at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)'r'n at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)'r'n at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)'r'n at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)'r'n at System.ServiceModel.Channels.SecurityChannelListener。OnOpen(TimeSpan timeout)'r'n在System.ServiceModel.Channels.CommunicationObject。打开(TimeSpan timeout)'r'n在System.ServiceModel.Dispatcher.ChannelDispatcher。OnOpen(TimeSpan timeout)'r'n在System.ServiceModel.Channels.CommunicationObject。打开(TimeSpan timeout)'r'n在System.ServiceModel.ServiceHostBase。OnOpen(TimeSpan timeout)'r'n在System.ServiceModel.Channels.CommunicationObject。打开(TimeSpan timeout)'r'n at System.ServiceModel.Channels.CommunicationObject.Open()'r'n at MWM.Service.WindowsService.AGI.ServiceController。OnStart(String[] args) in c:'TeamCity'buildAgent'work'MWM-Refactor'MWM.Service'MWM.Service. windowsservice . agi ' serviceconcontroller .cs:line 45
如果我从配置中删除它,则可以正常工作:
<message clientCredentialType="Certificate"/>
这篇文章解释了如何正确构建您的证书以及如何安装它们以提供足够的权限以使所有证书都能正常工作:http://returnsmart.blogspot.co.uk/2015/10/how-to-create-your-own-signed.html