Programmatic WCF Message Security with Certificates

悲&欢浪女 2021-02-06 04:03

I've written a self-hosted WCF service using WSHttpBindings and I'm trying to implement message-level security using certificates I've generated myself. Unfortunately I'm g

1 Answer
  • 2021-02-06 04:18

    This MSDN article helped tremendously. I think the root of the problem was setting the following message security parameters to false:

    httpBinding.Security.Message.NegotiateServiceCredential = false;
    httpBinding.Security.Message.EstablishSecurityContext = false;
    

    So now the overall code for the server side looks more like:

    // Message-level security: each SOAP message is secured with the certificates, independent of the transport.
    var httpBinding = new WSHttpBinding(SecurityMode.Message);
    httpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    // The service certificate is not negotiated in-band; the client must already have it.
    httpBinding.Security.Message.NegotiateServiceCredential = false;
    // No WS-SecureConversation session; every message is secured on its own.
    httpBinding.Security.Message.EstablishSecurityContext = false;
    var httpUri = new Uri("http://serviceaddress");
    _host = new ServiceHost(this, httpUri);
    // Certificate the service presents, looked up by thumbprint.
    _host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindByThumbprint, serverThumbprint);
    // Client certificates are not checked for revocation.
    _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
    _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;
    _host.AddServiceEndpoint(typeof(IMetaService), httpBinding, httpUri);
    _host.Open();
    

    and the client side:

    // Binding settings must match the server side.
    var httpBinding = new WSHttpBinding(SecurityMode.Message);
    httpBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
    httpBinding.Security.Message.NegotiateServiceCredential = false;
    httpBinding.Security.Message.EstablishSecurityContext = false;
    var httpUri = new Uri("http://serviceaddress");
    // Expected DNS identity of the service; it must match the name in the server certificate.
    var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity("name of server cert"));
    var newFactory = new ChannelFactory<IMetaService>(httpBinding, httpEndpoint);
    // Certificate the client authenticates with.
    newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindByThumbprint, "client certificate thumbprint");
    // Service certificate supplied out-of-band, needed because negotiation is disabled.
    newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindByThumbprint, "server certificate thumbprint");
    var channel = newFactory.CreateChannel();
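
With self-generated certificates and revocation checking set to NoCheck, the service can restrict which client certificates it accepts by pinning thumbprints through a custom validator. This is an added example, not code from the answer; `PinnedThumbprintValidator` and `HostHardening` are hypothetical names, and the helper is meant to be called on `_host` before `_host.Open()`.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Text;

// Hypothetical helper: accepts only client certificates whose thumbprint is on an allow-list.
public sealed class PinnedThumbprintValidator : X509CertificateValidator
{
    private readonly HashSet<string> _allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public PinnedThumbprintValidator(IEnumerable<string> thumbprints)
    {
        foreach (var t in thumbprints) _allowed.Add(Normalize(t));
    }

    // Keep hex digits only: drops spaces and invisible characters picked up when copying a thumbprint.
    private static string Normalize(string thumbprint)
    {
        var sb = new StringBuilder();
        foreach (char c in thumbprint) if (Uri.IsHexDigit(c)) sb.Append(c);
        return sb.ToString();
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException(nameof(certificate));
        var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Client certificate is outside its validity period.");
        if (!_allowed.Contains(certificate.Thumbprint))
            throw new SecurityTokenValidationException("Client certificate thumbprint is not on the allow-list.");
    }
}

public static class HostHardening
{
    // Replaces the default client certificate validation with the allow-list check above.
    public static void PinClientCertificates(ServiceHost host, params string[] thumbprints)
    {
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedThumbprintValidator(thumbprints);
    }
}
```

In `Custom` mode WCF runs only this validator, so chain and revocation checks happen only if the validator performs them itself.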
    