在 WCF 中使用 NetTcpBinding 在自托管服务中配置传输安全时出现异常
Exception in configuring Transport Security in Self Hosted Service using NetTcpBinding in WCF
这是服务端的配置:
<endpoint binding="netTcpBinding" bindingConfiguration="TcpBinding" contract="a"></endpoint>
<binding name="TcpBinding">
<security mode="Transport">
<transport protectionLevel="EncryptAndSign" clientCredentialType="None">
</transport>
</security>
<reliableSession enabled="false"/>
</binding>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="73 b9 d8 98 8d b6 54 bf fb ff 21 0b ac fc 04 19 37 16 71 5f" x509FindType="FindByThumbprint" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
我已经按照此 link 创建了一个自签名证书:
https://msdn.microsoft.com/en-us/library/ff648498.aspx
首先,我创建了一个证书,我将其作为根证书颁发机构安装在受信任的根证书颁发机构中 - 名为 'RootCA'。然后,我创建了另一个用 'RootCA' 签名的自签名证书,该证书颁发给 'localhost'.
在客户端,我使用与服务端相同的配置元素。打开代理时,我收到以下异常:
System.ServiceModel.Security.SecurityNegotiationException The X.509
certificate CN=localhost chain building failed. The certificate that
was used has a trust chain that cannot be verified. Replace the
certificate or change the certificateValidationMode. The revocation
function was unable to check revocation for the certificate.
制作这个 运行 还需要什么?
include this in your client side in endpoint behaviours
<endpointBehaviors>
<behavior name="clientBehave">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
这是服务端的配置:
<endpoint binding="netTcpBinding" bindingConfiguration="TcpBinding" contract="a"></endpoint>
<binding name="TcpBinding">
<security mode="Transport">
<transport protectionLevel="EncryptAndSign" clientCredentialType="None">
</transport>
</security>
<reliableSession enabled="false"/>
</binding>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="73 b9 d8 98 8d b6 54 bf fb ff 21 0b ac fc 04 19 37 16 71 5f" x509FindType="FindByThumbprint" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
我已经按照此 link 创建了一个自签名证书: https://msdn.microsoft.com/en-us/library/ff648498.aspx
首先,我创建了一个证书,我将其作为根证书颁发机构安装在受信任的根证书颁发机构中 - 名为 'RootCA'。然后,我创建了另一个用 'RootCA' 签名的自签名证书,该证书颁发给 'localhost'.
在客户端,我使用与服务端相同的配置元素。打开代理时,我收到以下异常:
System.ServiceModel.Security.SecurityNegotiationException The X.509 certificate CN=localhost chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation for the certificate.
制作这个 运行 还需要什么?
include this in your client side in endpoint behaviours
<endpointBehaviors>
<behavior name="clientBehave">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>