剑轩

WCF使用X509证书数据加密

发表于:2019/8/6 17:07


一:创建证书


在VS2012 的DOS命令提示中,输入下面的命令创建两个证书


makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=TestServer -sky exchange -pe

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=TestClient -sky exchange -pe


下面是各种参数的介绍

创建成功后可以

开始->运行->mmc.exe->在控制台中选择文件->添加/删除管理单元->添加->选择证书->弹出证书管理单元选择计算机账户,默认下一步确定回来,就看到下面的界面。

二;建立wcf服务

主要是配置

<clientCertificate>
              <authentication certificateValidationMode="None" />这里设置成None因为我们创建的是不受信任的证书
 </clientCertificate>

配置xml:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
 
  <system.serviceModel>
    
    <behaviors>
      <serviceBehaviors>
 
        <behavior name="mybehavior">
          <!-- 为避免泄漏元数据信息,请在部署前将以下值设置为 false -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- 要接收故障异常详细信息以进行调试,请将以下值设置为 true。在部署前设置为 false 以避免泄漏异常信息 -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          
           <!--配置证书-->
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="None"/>
            </clientCertificate>
            <serviceCertificate findValue="TestServer"
       x509FindType="FindBySubjectName"
       storeLocation="LocalMachine"
       storeName="My"/>
          </serviceCredentials>
        </behavior>
        
      </serviceBehaviors>
    </behaviors>
 
    <!--指定验证方式-->
     <bindings>
      <wsHttpBinding>
        <binding name="myhttpbind">
          <security mode="Message">
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
 
      <service name="WcfCertificate.Service1"  behaviorConfiguration="mybehavior">   
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="myhttpbind" contract="WcfCertificate.IService1">
          <identity>
            <dns  value="TestServer"/>
          </identity>
        </endpoint>
        <endpoint address="MEX" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    
    <protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
        若要在调试过程中浏览 Web 应用程序根目录,请将下面的值设置为 True。
        在部署之前将该值设置为 False 可避免泄露 Web 应用程序文件夹信息。
      -->
    <directoryBrowse enabled="true"/>
  </system.webServer>
 
</configuration>

配置后运行wcf服务后报密钥集不存在,是因为没有对证书授权


授权证书:

添加Everyone --读取

然后就可以正常的访问wcf服务了


三:客服端调用

用winform作为测试客服端

添加引用后添加一点配置

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService1">
                    <security>
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:8191/Service1.svc" binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService1" contract="ServiceReference1.IService1"
                name="WSHttpBinding_IService1" behaviorConfiguration="mye">
                <identity>
                    <dns value="TestServer" />
                </identity>
            </endpoint>
        </client>
          
       <behaviors>
        <endpointBehaviors>
          <!--增加一个证书验证-->
          <behavior name="mye">
            <clientCredentials>
              <!--其实这里findvalue的证书填写TestServer也可以,没有作验证只要有一个证书就行-->
              <clientCertificate  findValue="TestClient" storeName="My"  storeLocation="LocalMachine"
                                    x509FindType="FindBySubjectName"/>
              <serviceCertificate>
                <authentication certificateValidationMode="None"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>
</configuration>

ok!调用成功

注意:这里使用的是wsHttpBinding,使用basicHttpBinding调试没有成功




关于TNBLOG
TNBLOG,技术分享
App store Android
精彩评论
{{item.replyName}}
{{item.content}}
{{item.time}}
{{subpj.replyName}}
@{{subpj.beReplyName}}{{subpj.content}}
{{subpj.time}}
猜你喜欢