WCF with WSHttpBinding, Message Security, clientCredentialType="UserName" Certificate SelfHosted Issue

Updated: 2024-10-12 22:34:10

I have created a Service where I need the client to pass the credentials (username and password). This behavior requires an X509 certificate, so I started for development issues with a self-signed one using makecert.exe.

Because I'm such a newbie with certificates, I see that this certificate was created in the IIS Server Certificates section. I need my service to be self-hosted later on a Windows service; for testing purposes I use a console host application and a simple WinForms app client.

So my question is: how do I deploy this certificate? I don't want to use IIS in any way. Can I embed the certificate, which I noticed I can export as a .pfx file, inside the console/Windows service host? And how?

I'm posting my service and client config files for help on understanding what I need.

Server Configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="B2B.WCF.Service.B2BService" behaviorConfiguration="wsBehavior">
        <endpoint name="WSHttpEndpointB2B"
                  bindingConfiguration="WSBinding"
                  address="http://localhost:8768/ServB2B"
                  binding="wsHttpBinding"
                  contract="B2B.WCF.Contracts.IB2BContracts">
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="wsBehavior">
          <serviceMetadata httpsGetEnabled="false"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <serviceCertificate findValue="MyServerCert"
                                x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine"
                                storeName="My" />
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="B2B.WCF.Service.UserValidator, B2B.WCF.Service" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

Client Configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <client>
      <endpoint name="WSHttpEndpointB2B"
                bindingConfiguration="WSBinding"
                behaviorConfiguration="wsBehavior"
                address="http://localhost:8768/ServB2B"
                binding="wsHttpBinding"
                contract="B2B.WCF.Contracts.IB2BContracts">
        <identity>
          <dns value="MyServerCert"/>
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="wsBehavior">
          <clientCredentials>
            <clientCertificate findValue="MyServerCert"
                               x509FindType="FindBySubjectName"
                               storeLocation="LocalMachine"
                               storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WSBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

Thanks in advance

Best answer

Your certificates need to be imported into the Windows Certificate Store on the machine that is hosting your web service (i.e. "the server") and (optionally) on the machine that is using your web service (i.e. "the client", if it is a different machine).

You should use the Microsoft Management Console (MMC) to do this. First, you should set it up according to this article. Then import your certificates according to the steps in this article. Make sure you choose the correct store for the client certificate (i.e. 'Personal') and root certificate (i.e. 'Trusted Root Certification Authorities').

Your web service won't start unless it finds the correct certificates that are referenced in your configuration files. In your case, this is the "MyServerCert" certificate that you want to store in the 'Personal' store.
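
A scripted equivalent of the MMC import, followed by a pre-flight check that the lookup in the server config will resolve before the host is started. This is an added example, not part of the original answer; the .pfx path is an assumption, while the subject name and store are the values from the posted serviceCertificate element.

```powershell
# Added example. $PfxPath is an assumed export location; the subject name and
# store come from the serviceCertificate element in the posted server config.
param(
    [string]$PfxPath     = '.\MyServerCert.pfx',
    [string]$SubjectName = 'MyServerCert',
    [string]$StorePath   = 'Cert:\LocalMachine\My'
)

# Importing into LocalMachine needs an elevated prompt. Without -Exportable the
# private key cannot be exported again from this machine.
if (Test-Path -LiteralPath $PfxPath) {
    $pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
    Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $StorePath -Password $pfxPassword | Out-Null
}

# FindBySubjectName is a case-insensitive substring match, so mirror it here.
$found = @(Get-ChildItem -Path $StorePath |
    Where-Object { $_.Subject -like "*$SubjectName*" })

if ($found.Count -eq 0) {
    Write-Error "No certificate with subject containing '$SubjectName' in $StorePath; the service host will fail to open."
    return
}
if ($found.Count -gt 1) {
    Write-Warning "$($found.Count) certificates match '$SubjectName'; WCF needs exactly one. Use FindByThumbprint or remove stale copies."
}

foreach ($cert in $found) {
    $problems = @()
    if (-not $cert.HasPrivateKey)       { $problems += 'no private key (service certificate must have one)' }
    if ($cert.NotAfter  -lt (Get-Date)) { $problems += "expired $($cert.NotAfter)" }
    if ($cert.NotBefore -gt (Get-Date)) { $problems += "not valid until $($cert.NotBefore)" }

    # One summary row per matching certificate.
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = if ($problems) { $problems -join '; ' } else { 'OK' }
    }
}
```

When the host later runs as a Windows service, the service account also needs read access to the certificate's private key, which this check does not cover.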

Published: 2023-08-05 14:01:00
Link: https://www.elefans.com/category/jswz/34/1435160.html
Tags: security, message, clientCredentialType, WSHttpBinding, WCF
