问题
I'm getting the following error when I access my webservice localhost/MyService/MyService.svc
The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'.
I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx
Here is my wcf server web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings />
<system.web>
<identity impersonate="false" />
<roleManager enabled="true" />
<authentication mode="Windows" />
<customErrors mode="Off" />
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
</system.web>
<system.webServer>
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" roles="" />
</authorization>
</security>
</system.webServer>
<system.serviceModel>
<services>
<service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
<endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
<endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceMetadata />
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine"
revocationMode="Online"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="CertificateWithTransportWSHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
I've configured IIS as follows:
- https binding added using self signed certificate
- Under SSL settings, require SSL and accept client certificates is checked
- The self signed certificate has been added to the Local Computer Trusted Root CA.
I can browse and execute the .asmx service definition, but the .svc gives me the error described above.
回答1:
Try to comment out your mex endpoint. That should get it working
回答2:
Here's the process
- Create Self Signed Cert in IIS.
- Create Site in IIS.
- Set Site to Require SSL.
- A glitch in IIS 7 won't allow you to specify the hostname for a site when you select the https protocol in bindings. There are instructions here to properly set the hostname for this binding.
In your web config modify it like so
<wsHttpBinding> <binding name="CertificateWithTransportWSHttpBinding"> <security mode="Transport"> <transport clientCredentialType="none" /> </security> </binding> </wsHttpBinding> <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceDebug includeExceptionDetailInFaults="True" /> <serviceMetadata /> </behavior> </serviceBehaviors>In your MEX endpoint set the binding="wsHttpsBinding"
If you do all of that above you should be up and running with an SSL WCF Service.
回答3:
I was banging my head on this for at least 2-3 hours, and overlooked the response above about commenting out your mex endpoint.
This proved to be the answer for me so just wanted to re-enforce the answer above. See the comment at the bottom of Step 7 in the above post:
http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorisation-with-wcf-in-development-environments.aspx
来源:https://stackoverflow.com/questions/4082951/transport-security-with-certificate-authentication