我想用服务器和客户端证书实现WCF服务。
当我尝试连接到IIS上的服务时,会出现以下错误:
试验方法
测试项目1.UnitTest1.TestMethod1
引发异常:
System.ServiceModel.Security.SecurityGotiationException:
无法打开安全通道
因为安全协商
远程终结点失败。这可能
由于缺席或错误
中指定的EndpointIdentity
用于创建
通道。请验证
指定或暗示的端点标识
以正确的结束点地址
标识远程终结点。---gt;
System.ServiceModel.FaultException(系统服务模型故障异常):
安全令牌请求具有
元素无效或格式不正确。
我的Web.CONFIG:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="DotNetStoreBinding" receiveTimeout="00:00:15">
<reliableSession inactivityTimeout="00:00:20" />
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="WcfServiceCustumer.Service1">
<endpoint binding="wsHttpBinding" contract="WcfServiceCustumer.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
<serviceCredentials>
<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=DotNetStore" />
<clientCertificate>
<certificate storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" findValue="CN=Bob"/>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
创建服务器之后,我创建了新项目并添加了服务引用。我这样称呼服务:
EndpointAddress address = new EndpointAddress(
new Uri("http://localhost/CustomerServiceSite/Customer.svc"),
EndpointIdentity.CreateDnsIdentity("DotNetStore"),
new AddressHeaderCollection()
);
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
var client = new CustomerService.Service1Client(binding, address);
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Bob");
IList<Product> allProducts = client.GetAllProducts();
任何帮助都将不胜感激。