0
我使用Pluralsight Selfcert创建证书。当我在wcf服务中使用它时,它需要一个SecurityNegotiation异常。我搜索它并找到了解决方案。我在Web.config的clientCertificate中放入了certificateValidationMode =“None”,但问题没有解决。但如果我把这个命令放在客户端app.config问题上解决。但我不想更改我的客户端配置。为什么这个命令在服务器端不起作用?有没有其他方法?WCF SecurityNegotiationException当使用无证书证书验证方式
X.509证书CN = QtasCert chain building failed。使用的 证书具有无法验证的信任链。 替换证书或更改certificateValidationMode。 A 证书链已处理,但终止于信任提供商不信任的根证书 。
<services>
<service name="ArchiveBoundedContext.WcfService.WcfServices.ArchiveWcfService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="QTasBinding" name="QTasEndpoint" contract="ArchiveBoundedContext.WcfService.WcfServices.IArchiveWcfService" />
<endpoint address="mex" binding="mexTcpBinding" name="QTasMex" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:808/WcfServices/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="SuccessOrFailure" messageAuthenticationAuditLevel="SuccessOrFailure" suppressAuditFailure="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ArchiveBoundedContext.WcfService.ServiceAuthenticator, ArchiveBoundedContext.WcfService" />
<serviceCertificate findValue="QtasCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</clientCertificate>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="UseAspNetRoles" />
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
也许它不会在服务器端运行的原因是,它是在客户端,这个特殊的验证发生:)你可以导入证书的受信任根存储在客户端机器来消除这种错误。 –