2011-10-21 60 views
1

WCF: configuring message security programmatically

I'm coding a WCF service on the Azure Service Bus that is configured programmatically to use certificates with message security:

    // namespaces this snippet needs
    using System;
    using System.Configuration;
    using System.ServiceModel;
    using System.ServiceModel.Description;
    using System.ServiceModel.Security;
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.ServiceBus;

    ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;

    // create the service URI based on the service namespace
    Uri address = ServiceBusEnvironment.CreateServiceUri("sb", ConfigurationManager.AppSettings["serviceNamespace"], "TestService");

    // create the Service Bus credentials (shared secret) for the endpoint;
    // these only authenticate the listener to the relay, not the client to the service
    TransportClientEndpointBehavior sharedSecretServiceBusCredential = new TransportClientEndpointBehavior();
    sharedSecretServiceBusCredential.TokenProvider = TokenProvider.CreateSharedSecretTokenProvider(ConfigurationManager.AppSettings["issuerName"], ConfigurationManager.AppSettings["issuerSecret"]);

    // create and bind the service endpoint
    ContractDescription contractDescription = ContractDescription.GetContract(typeof(ITestContract), typeof(TestServiceImpl));
    ServiceEndpoint serviceEndPoint = new ServiceEndpoint(contractDescription);
    serviceEndPoint.Address = new EndpointAddress(address);

    // transport security to the relay plus a message-level client credential; the relay itself requires an access token
    var binding = new NetTcpRelayBinding(EndToEndSecurityMode.TransportWithMessageCredential, RelayClientAuthenticationType.RelayAccessToken);
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; // the service will check the TrustedPeople store for the client
    serviceEndPoint.Binding = binding;
    serviceEndPoint.Behaviors.Add(sharedSecretServiceBusCredential);

    Host = new ServiceHost(typeof(TestServiceImpl), address);

    // validate client certificates against the LocalMachine TrustedPeople store, and set the service certificate
    Host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
    Host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "E86870F0118CE39D771A49B9337C28444F3C7348");

    // add the endpoint to the host (the host was built in code above, not read from configuration)
    Host.Description.Endpoints.Add(serviceEndPoint);

I can get this service up and running, and any client (with only the Service Bus SharedSecret, and clientCredentials not set to use any certificate) is able to call my service without error. Is the code above enough to indicate that certificates (and only certificate-based authorization) should be used for message security? Any good articles on configuring WCF message security programmatically?

+0

As a supplement, here's a link on how to connect programmatically to the Windows Azure Service Bus with a SimpleWebToken: http://blog.longle.net/2012/09/18/declaritively-and-programitcally-subscribing-to-the-windows-azure-service-bus-relay-with-WCF/ – LeLong37

Answer

0

Turns out sleep deprivation was the culprit: I was running an older version of the service. A client without any certificate now fails with an error (System.ServiceModel.ProtocolException was unhandled, Message=Error while reading message framing format at position 1 of stream (state: Start)).
A correctly coded client is:

    // namespaces this snippet needs
    using System;
    using System.ServiceModel;
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.ServiceBus;

    ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;

    string serviceNamespace = "valid-namespace";
    string issuerName = "owner";
    string issuerSecret = "validSecret";

    // create the service URI based on the service namespace; the service path must match the one the host listens on
    Uri serviceUri = ServiceBusEnvironment.CreateServiceUri("sb", serviceNamespace, "valid-namespace");

    // create the Service Bus credentials (shared secret) for the endpoint
    // (older SDK credential API: CredentialType/Credentials; the host above uses the newer TokenProvider API)
    TransportClientEndpointBehavior sharedSecretServiceBusCredential = new TransportClientEndpointBehavior();
    sharedSecretServiceBusCredential.CredentialType = TransportClientCredentialType.SharedSecret;
    sharedSecretServiceBusCredential.Credentials.SharedSecret.IssuerName = issuerName;
    sharedSecretServiceBusCredential.Credentials.SharedSecret.IssuerSecret = issuerSecret;

    // configure the channel factory in code: address, binding, contract
    ChannelFactory<ITestChannel> channelFactory = new ChannelFactory<ITestChannel>();
    channelFactory.Endpoint.Address = new EndpointAddress(serviceUri);
    var binding = new NetTcpRelayBinding();
    binding.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    channelFactory.Endpoint.Binding = binding;
    channelFactory.Endpoint.Contract.ContractType = typeof(ITestChannel);
    // apply the Service Bus credentials
    channelFactory.Endpoint.Behaviors.Add(sharedSecretServiceBusCredential);

    // Question: why doesn't the following line affect service validation? I can successfully call the service from a machine where the server's certificate does NOT exist in the TrustedPeople store
    //channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;

    // the client certificate presented as the message-level credential
    channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "valid-thumbprint");

    // create and open the client channel
    ITestChannel channel = channelFactory.CreateChannel();

    Console.WriteLine(channel.ServiceMethod());
    Console.ReadKey();
    channel.Close();
    channelFactory.Close();

There is still the issue of the ServiceCertificate always being considered valid, even when PeerTrust is used for channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode and the service certificate is not in the TrustedPeople store. Any ideas why this happens?
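The question asks whether the host code above is enough to make certificate-based authorization the only way in, and the answer's client leaves open why the service-certificate check seemed to have no effect. One caveat a practitioner would want on both points: PeerTrust only means "any certificate in the TrustedPeople store is accepted"; it is a trust-store lookup, not an authorization decision, and it does not tell you which client called. The following is an added example, not code from the original post, showing how to replace that lookup with an explicit allow-list of client-certificate thumbprints via a custom X509CertificateValidator, and how a service operation can read the thumbprint of the authenticated caller. `Host`, `TestServiceImpl` and the certificate-based message credential are taken from the question; the thumbprint values and the class and method names are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Example validator (not from the original post): a client certificate is accepted only if it is
// inside its validity period AND its SHA-1 thumbprint is on an explicit allow-list. This replaces
// PeerTrust, which accepts any certificate present in the TrustedPeople store, with a decision the
// service owns. Thumbprint pinning does not consult revocation; rotate the list when keys change.
public sealed class ThumbprintAllowListValidator : X509CertificateValidator
{
    private readonly HashSet<string> allowed;

    public ThumbprintAllowListValidator(IEnumerable<string> allowedThumbprints)
    {
        // X509Certificate2.Thumbprint is upper-case hex with no separators; normalise caller input to match
        allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (string tp in allowedThumbprints)
            allowed.Add(tp.Replace(" ", string.Empty).Replace(":", string.Empty));
    }

    // WCF calls this for every client certificate presented as the message credential.
    // Throwing SecurityTokenValidationException faults the call before it reaches the service operation.
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new SecurityTokenValidationException("No client certificate presented.");

        DateTime now = DateTime.Now; // NotBefore/NotAfter are exposed in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException(
                "Client certificate is outside its validity period: " + certificate.Subject);

        if (!allowed.Contains(certificate.Thumbprint))
            throw new SecurityTokenValidationException(
                "Client certificate thumbprint is not on the allow-list: " + certificate.Thumbprint);
    }
}

public static class HostSecurity
{
    // Host-side wiring; call before host.Open(). Replaces the PeerTrust line from the question.
    public static void RequireAllowListedClientCertificates(ServiceHost host, IEnumerable<string> allowedThumbprints)
    {
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new ThumbprintAllowListValidator(allowedThumbprints);
    }

    // Inside a service operation: which certificate authenticated this call? Returns null when the
    // caller is anonymous or no X.509 claim set is present, so the operation can refuse explicitly.
    public static string CallerThumbprint()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            return null;

        foreach (ClaimSet cs in ctx.AuthorizationContext.ClaimSets)
        {
            var x509 = cs as X509CertificateClaimSet;
            if (x509 != null)
                return x509.X509Certificate.Thumbprint;
        }
        return null;
    }
}

// Usage with the host from the question (placeholder thumbprint, 40 hex characters of SHA-1):
// HostSecurity.RequireAllowListedClientCertificates(Host, new[] { "0123456789ABCDEF0123456789ABCDEF01234567" });
// Host.Open();
```

The same validator type can be assigned on the client to `channelFactory.Credentials.ServiceCertificate.Authentication.CustomCertificateValidator` (with `CertificateValidationMode = X509CertificateValidationMode.Custom`) to make the client's expectation of the service certificate explicit. The post does not settle why the client's PeerTrust setting had no visible effect, so treat this as a diagnostic rather than a fix: if a call still succeeds against a host whose certificate is not on the client's list, the validator is not being invoked for the service certificate in this binding mode, and the service's identity is not being checked at message level.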