Question
We are in the process of upgrading our product to use TLS 1.2. To do that, we upgraded the entire project from .NET 4.6.2 to .NET 4.7.2 and built it.
I am seeing one issue, specific to the WCF service, while opening a channel:
(proxy as ICommunicationObject).Open();
I have this in my code already:
// https://docs.microsoft.com/en-us/dotnet/framework/whats-new/#wcf47
AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false);
AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", false);
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
Exceptions:
The request for security token could not be satisfied because authentication failed.
The caller was not authenticated by the service.
I use Certificates (both Client and Server) for Authentication with
Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
Answer 1:
Fixed the issue after having:
Client Side:
b.Security.Message.EstablishSecurityContext = false;
b.Security.Message.NegotiateServiceCredential = false;
Server side:
<message clientCredentialType="Certificate" establishSecurityContext="false" negotiateServiceCredential="false"/>
as mentioned in
https://blogs.msdn.microsoft.com/dsnotes/2017/04/13/wcf-message-security-limitation-with-tls-1-2-protocol/
Source: https://stackoverflow.com/questions/54042522/wcf-not-able-to-connect-to-service-after-enabling-tls-1-2-and-disabling-ssl
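The client side of the fix in Answer 1, as an added example that is not code from the original post. With negotiateServiceCredential off, the client no longer receives the service certificate during a handshake, so it must already be installed on the client and referenced explicitly. Assumptions: the binding is WSHttpBinding, and the contract name, address, store locations and certificate subject names are placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract, for illustration only.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string Ping();
}

public static class Tls12MessageSecurityClient
{
    public static ChannelFactory<IOrderService> CreateFactory()
    {
        // Assumption: the service endpoint uses wsHttpBinding with message security.
        var b = new WSHttpBinding(SecurityMode.Message);
        b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        // The two settings from the answer; the server's <message> element must match.
        b.Security.Message.EstablishSecurityContext = false;
        b.Security.Message.NegotiateServiceCredential = false;

        // Placeholder address; the DNS identity is checked against the service certificate.
        var address = new EndpointAddress(
            new Uri("http://service.example.test/OrderService.svc"),
            EndpointIdentity.CreateDnsIdentity("service.example.test"));

        var factory = new ChannelFactory<IOrderService>(b, address);

        // Client certificate (with private key) used to authenticate to the service.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, "client.example.test");

        // No negotiation: the service certificate (public key only) is provisioned
        // out of band and selected here.
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.TrustedPeople,
            X509FindType.FindBySubjectName, "service.example.test");

        // Keep chain and revocation checks on for the service certificate.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        factory.Credentials.ServiceCertificate.Authentication.RevocationMode =
            X509RevocationMode.Online;
        return factory;
    }
}
```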