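Self-hosted WCF server and SSL

There is a self-hosted WCF server (not IIS), and certificates were generated (on Win XP) using command lines like these:

```
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=SecureClient -sky exchange -pe
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=SecureServer -sky exchange -pe
```

The code that adds these certificates to the server looks like this: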
```csharp
serviceCred.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
    StoreName.My, X509FindType.FindBySubjectName, "SecureServer");
serviceCred.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
    StoreName.My, X509FindType.FindBySubjectName, "SecureClient");
```
After all of the previous steps, I created a simple client to check the SSL connection to the server.

Client configuration:
```xml
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IAdminContract" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://myhost:8002/Admin" binding="basicHttpBinding"
          bindingConfiguration="BasicHttpBinding_IAdminContract" contract="Admin.IAdminContract"
          name="BasicHttpBinding_IAdminContract" />
    </client>
  </system.serviceModel>
</configuration>
```
Code:
```csharp
Admin.AdminContractClient client = new AdminContractClient("BasicHttpBinding_IAdminContract");
client.ClientCredentials.UserName.UserName = "user";
client.ClientCredentials.UserName.Password = "pass";
var result = client.ExecuteMethod();
```
During execution I receive an error:
The provided URI scheme 'https' is invalid; expected 'http'.\r\nParameter name: via
Question: How do I enable SSL for a self-hosted server, and where should I set the certificates for the client and the server? Thanks.
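After this change, I received: An error occurred while making the HTTP request to https://myhost:8002/Admin. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. – jitm 2010-06-16 11:16:08

Can you update the post with your server's servicemodel config? – 2010-06-16 11:37:26

I would definitely take a look at the [WCF Security Guidance on CodePlex](http://wcfsecurityguidance.codeplex.com/). In particular, [this page talks about certificate authentication](http://wcfsecurity.codeplex.com/wikipage?title=How%20To%20-%20Use%20Certificate%20Authentication%20and%20Message%20Security%20in%20WCF%20calling%20from%20Windows%20Forms&referringTitle=How%20Tos). – 2010-06-16 11:44:37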
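
The two errors quoted in this thread can be reproduced and separated with the sketch below, which is an added example and not code from the question or its commenters. It compares the URI scheme each `BasicHttpBinding` security mode requires against the question's address, then self-hosts over HTTPS; the `AdminService` class, the simplified `IAdminContract`, and the helper names are hypothetical stand-ins.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IAdminContract   // hypothetical stand-in for the page's Admin.IAdminContract
{
    [OperationContract] string ExecuteMethod();
}

public class AdminService : IAdminContract   // hypothetical service implementation
{
    public string ExecuteMethod() { return "ok"; }
}

public static class SelfHostedHttps
{
    // True when the scheme the binding requires equals the scheme of the endpoint address.
    public static bool SchemeMatches(BasicHttpBinding binding, Uri address)
    {
        return string.Equals(binding.Scheme, address.Scheme, StringComparison.OrdinalIgnoreCase);
    }

    // Builds a BasicHttpBinding with HTTP Basic client credentials in the given security mode.
    public static BasicHttpBinding Build(BasicHttpSecurityMode mode)
    {
        var binding = new BasicHttpBinding(mode);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        return binding;
    }

    public static void Main()
    {
        var address = new Uri("https://myhost:8002/Admin");   // address from the question

        // TransportCredentialOnly: Basic credentials over plain HTTP with no TLS,
        // so user name and password cross the wire base64-encoded. Requires http://.
        var credentialOnly = Build(BasicHttpSecurityMode.TransportCredentialOnly);
        // Transport: the same credentials carried inside HTTPS. Requires https://.
        var transport = Build(BasicHttpSecurityMode.Transport);

        Console.WriteLine("TransportCredentialOnly: scheme={0} matches={1}",
            credentialOnly.Scheme, SchemeMatches(credentialOnly, address));
        Console.WriteLine("Transport: scheme={0} matches={1}",
            transport.Scheme, SchemeMatches(transport, address));

        // A self-hosted HTTPS endpoint is terminated by HTTP.SYS: the server certificate
        // must sit in the LocalMachine store and be bound to port 8002 beforehand
        // (httpcfg.exe on Windows XP, "netsh http add sslcert" on later versions).
        using (var host = new ServiceHost(typeof(AdminService)))
        {
            host.AddServiceEndpoint(typeof(IAdminContract), transport, address);
            host.Open();
            Console.WriteLine("Listening on {0}; press Enter to stop.", address);
            Console.ReadLine();
        }
    }
}
```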