c# – 如何在WCF上设置SSL？

发布时间：2020-12-15 22:11:33 所属栏目：百科来源：网络整理

导读：我在生产环境中收到的错误： The remote certificate is invalid according to the validation procedure. [AuthenticationException: The remote certificate is invalid according to the validation procedure.] System.Net.Security.SslState.StartSendA

我在生产环境中收到的错误：

The remote certificate is invalid according to the validation procedure.
[AuthenticationException: The remote certificate is invalid according to the validation procedure.]
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,AsyncProtocolRequest asyncRequest,Exception exception) +2755308
System.Net.Security.SslState.StartSendBlob(Byte[] incoming,Int32 count,AsyncProtocolRequest asyncRequest) +470

生产环境使用三层架构,Web与App和App对话与数据库对话. Web和App使用WCF服务层通过SSL进行通信(443).我们认为它可能是IIS7中的SSL证书或WCF配置问题中的配置.

我们尝试了什么：
我将应用程序和Web中的证书添加到“本地计算机”和“当前用户”的可信管理机构中.

如果需要,我可以添加我的WCF Web配置.

我尝试了以下建议：

https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename(v=vs.110).aspx

https://msdn.microsoft.com/en-us/library/ms734695.aspx

“The remote certificate is invalid according to the validation procedure.” using Gmail SMTP server

How do I know what the storeName of a certificate?

https://msdn.microsoft.com/en-us/library/ms733813(v=vs.110).aspx

https://msdn.microsoft.com/en-us/library/hh556232%28v=vs.110%29.aspx

Self-Hosted WCF Service with Mutual SSL (between Service and Client) fails with 403 Forbidden

解决方法

此答案适用于您将有效负载的证书发送到HTTPS端点的客户端证书.

您需要确保信任证书,信任创建证书的证书颁发机构,以及您在受信任的商店中拥有该CA的证书.

您是否可以访问您需要提供证书的系统(而非WCF服务)上的简单网页？
即：https://mysite/test.aspx
这将允许您测试WCF之外的证书,并让您将WCF问题与IIS问题分开.

1)确保在IIS中设置证书映射.
http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
http://blogs.msdn.com/b/asiatech/archive/2014/02/13/how-to-configure-iis-client-certificate-mapping-authentication-for-iis7.aspx

短暂的;博士;我们做什么：

>将您的客户端证书添加到您的证书库(私钥)
>将用户添加到本地用户
>转到IIS并将证书映射到您创建的用户
>运行winhttpcfg.exe以提供App Pool的用户
访问该证书

https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088%28v=vs.85%29.aspx

2)确保您的web.config设置正确
(来自我们的样本,允许通过HTTP和HTTPS命中终点)

<bindings>
   <basicHttpBinding>
     <!-- Secure Bindings -->
     <binding name="secureHttpBinding">
       <security mode="Transport">
         <transport clientCredentialType="Certificate" />
       </security>
      </binding>

      <binding name="httpBinding">
        <security mode="None" />
      </binding>
   </basicHttpBinding>
</bindings> 

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

<services>
         <!-- Person Revised Service-->
        <service name="Services.PRPA_AR101202" behaviorConfiguration="ServiceBehaviour">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="Services.IPRPA_AR101202"></endpoint>
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpBinding" contract="Services.IPRPA_AR101202" />
        </service>
</services>

同样,这个答案是针对带有消息的客户端证书,如果只是普通的HTTP,你可以忽略它

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!