WCF Certificate Authentication

Keywords: authentication, certificate, WCF | Updated: 2023-09-27 18:00:50

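While implementing WCF security with certificates, I am facing the following error.

Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel.

I have already placed the certificates in "Trusted People".

This looks like an identity problem. I have tried setting the identity in both the service and the client configuration, but it still does not work.

Below are the configuration details.

Service configuration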

<bindings>
      <wsHttpBinding>
        <binding name="WSHTTP">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
<service name="WCFCertificateAuth.Service1">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
          bindingName="WSHTTP" contract="WCFCertificateAuth.IService1">
          <!--<identity>
            <dns value="WCfServer"/>
          </identity>-->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <serviceCertificate findValue="WCfServer" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors> 

Client configuration

<bindings>
            <wsHttpBinding>
                <binding name="WSHTTP_IService1" sendTimeout="00:05:00">
                    <security mode="Message">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
<client>
 <endpoint address="http://localhost:8733/WCFCertificateAuth/Service1/"
                binding="wsHttpBinding" bindingConfiguration="WSHTTP_IService1"
                contract="IService1" name="WSHTTP_IService1">
                <identity>
                    <dns value="WCfServer" />
                </identity>
 </endpoint>
 </client> 
<behaviors>
        <endpointBehaviors>
          <behavior>
            <clientCredentials>
              <serviceCertificate>
                <authentication certificateValidationMode="PeerTrust"/>
              </serviceCertificate>
              <clientCertificate findValue="WCfClient" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/> 
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
</behaviors>  

WCF Certificate Authentication

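I removed the identity tag and used the machine's full name in the address field instead of "localhost", and it works fine. Hope this helps anyone who gets the above error.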
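
A diagnostic for this kind of identity failure, added here as an example and not part of the original post: it repeats the configuration's certificate lookup (CurrentUser\TrustedPeople, FindBySubjectName) and prints each match's DNS name, which is the value a dns endpoint identity is compared with. The class and method names are hypothetical; WCfServer and WCfClient are the names used in the configuration above.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertIdentityCheck
{
    // Looks a certificate up the way the configuration above does
    // (CurrentUser\TrustedPeople, FindBySubjectName) and reports what was found.
    // expectedDns is the <dns value="..."/> to compare against; null skips that comparison.
    static int Check(string findValue, string expectedDns)
    {
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so expired or not-yet-valid certificates are listed too.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindBySubjectName, findValue, false);
            // FindBySubjectName is a substring match; the lookup needs exactly one hit.
            int problems = found.Count == 1 ? 0 : 1;
            Console.WriteLine("{0}: {1} certificate(s) found", findValue, found.Count);
            foreach (X509Certificate2 cert in found)
            {
                string dns = cert.GetNameInfo(X509NameType.DnsName, false);
                bool inDate = DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter;
                bool dnsOk = expectedDns == null ||
                    string.Equals(dns, expectedDns, StringComparison.OrdinalIgnoreCase);
                if (!inDate || !dnsOk) problems++;
                Console.WriteLine("  {0}  dns={1}  privateKey={2}  inDate={3}  dnsMatch={4}",
                    cert.Thumbprint, dns, cert.HasPrivateKey, inDate, dnsOk);
            }
            return problems;
        }
        finally { store.Close(); }
    }

    static int Main()
    {
        // Names taken from the configuration above.
        int problems = Check("WCfServer", "WCfServer") + Check("WCfClient", null);
        Console.WriteLine(problems == 0 ? "OK" : problems + " problem(s)");
        return problems == 0 ? 0 : 1;
    }
}
```

The privateKey column matters on the side that presents the certificate: the service needs the private key for WCfServer and the client needs it for WCfClient, while the peer only needs the public certificate for PeerTrust validation.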