I am trying to help troubleshoot a third-party self-hosted web service written in WCF that requires mutual authentication. The problem is that the web service is returning 401 Unauthorized. I have read several articles on how to write the client and server parts in WCF to use mutual authentication, but I still have the following question:
The config file contains the following:
<bindings>
  <webHttpBinding>
    <binding name="webHttpTransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </webHttpBinding>
</bindings>
I believe this is enough to indicate that the client should authenticate with a certificate, but now how does the service decide whether that certificate is an allowed one?
Your binding definition looks correct. The certificate is defined in endpointBehaviors. This is a bit hard to follow because it is split across different XML groups.
Here is a working example from my project:
<client>
  <!-- binding names the binding type; bindingConfiguration names the <binding> element
       from the question (its name attribute is "webHttpTransportSecurity") -->
  <endpoint address="(address to our)WebService.svc"
            behaviorConfiguration="behaviorConfig"
            binding="webHttpBinding"
            bindingConfiguration="webHttpTransportSecurity"
            contract="((your contract name))"
            name="mainEndPoint">
    <identity>
      <certificateReference findValue="CN=((cert name like blah.blah.blah-blah.blah)), OU=((lookup)), O=((lookup))"
                            storeLocation="LocalMachine"
                            storeName="TrustedPeople"
                            x509FindType="FindBySubjectDistinguishedName" />
    </identity>
  </endpoint>
</client>
<bindings>
  <!-- you already have a good looking binding (above) -->
</bindings>
<behaviors>
  <serviceBehaviors ...etc />
  <endpointBehaviors>
    <behavior name="behaviorConfig">
      <clientCredentials>
        <!-- the certificate the client presents; it needs a private key, so it lives in the My store -->
        <clientCertificate findValue="CN=((short name)), OU=((lookup)), O=((lookup))"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectDistinguishedName" />
        <serviceCertificate>
          <!-- the service certificate the client expects; PeerTrust means it must be present in TrustedPeople -->
          <defaultCertificate findValue="CN=((same content from certificateReference above)), OU=((lookup)), O=((lookup))"
                              storeLocation="LocalMachine"
                              storeName="TrustedPeople"
                              x509FindType="FindBySubjectDistinguishedName" />
          <authentication certificateValidationMode="PeerTrust"
                          revocationMode="NoCheck"
                          trustedStoreLocation="LocalMachine" />
        </serviceCertificate>
      </clientCredentials>
      <callbackTimeouts />
    </behavior>
  </endpointBehaviors>
</behaviors>
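The answer above shows the client side; the question also asks how the service decides which client certificate is allowed. That decision is made by the service-side counterpart of the same authentication element, under serviceCredentials. The fragment below is an added illustration, not code from the question or the answer; the service type, contract and behavior names are placeholders.

```xml
<!-- Added service-side illustration; not part of the original question or answer.
     ((your service type)), ((your contract name)) and "mutualAuthService" are placeholders. -->
<system.serviceModel>
  <services>
    <service name="((your service type))" behaviorConfiguration="mutualAuthService">
      <!-- reuses the binding from the question: Transport security, Certificate credential -->
      <endpoint address=""
                binding="webHttpBinding"
                bindingConfiguration="webHttpTransportSecurity"
                contract="((your contract name))" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="mutualAuthService">
        <serviceCredentials>
          <clientCertificate>
            <!-- PeerTrust: the service accepts a client certificate only if a copy of that
                 exact certificate is installed in LocalMachine\TrustedPeople on the service
                 host. A certificate that is merely chain-valid is rejected with 401/403,
                 so the TrustedPeople store is the allow-list the question asks about.
                 revocationMode="Online" (or "Offline") makes the service refuse a revoked
                 client certificate; the answer's client-side "NoCheck" skips that check,
                 which is a weaker setting and only appropriate when no CRL is reachable. -->
            <authentication certificateValidationMode="PeerTrust"
                            revocationMode="Online"
                            trustedStoreLocation="LocalMachine" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

With Transport security on a self-hosted service, the HTTPS server certificate itself is not configured here but bound to the listening port in HTTP.sys (netsh http add sslcert); if that binding is missing or the client certificate is absent from TrustedPeople, the request fails before any operation runs.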