2012-10-03 43 views
1

I'm trying to set up this WCF service so that it only accepts requests when the client presents the "Test 01" certificate. The problem is that it seems to accept any certificate from the same authority, e.g. "Test 04". (WCF service accepts any old certificate)

How do I reject all requests that are not sent with the "Test 01" certificate?

    <basicHttpBinding>
      <binding
        name="TestSecureBinding"
        maxReceivedMessageSize="5242880">
        <security mode="Transport">
          <transport
            clientCredentialType="Certificate"></transport>
        </security>
      </binding>
    </basicHttpBinding>

    <behavior name="TestCertificateBehavior">
      <serviceCredentials>
        <clientCertificate>
          <certificate
            storeLocation="LocalMachine"
            x509FindType="FindBySubjectName"
            findValue="Test 01"/>
          <authentication
            certificateValidationMode="PeerTrust"
            trustedStoreLocation="LocalMachine"
            revocationMode="NoCheck"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>

    <service
      name="IService"
      behaviorConfiguration="TestCertificateBehavior">
      <endpoint
        name="MyHttps"
        address="https://localhost:443"
        contract="IService"
        binding="basicHttpBinding"
        bindingConfiguration="TestSecureBinding">
      </endpoint>
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost:443"/>
        </baseAddresses>
      </host>
    </service>
+1

You have to write a custom certificate validator: [see this question][1] [1]: http://stackoverflow.com/questions/1559915/custom-certificate-validation-in-wcf-service

Answer

0

There is no way to configure this in plain WCF configuration - you have to roll your own.

using System;
using System.IdentityModel.Selectors;          // X509CertificateValidator (System.IdentityModel.dll)
using System.IdentityModel.Tokens;             // SecurityTokenValidationException
using System.Security.Cryptography.X509Certificates;

public class CertificateValidator : X509CertificateValidator
{
    private readonly string _expectedSubjectName;

    // expectedSubjectName must be the full distinguished name, e.g. "CN=Test 01",
    // because X509Certificate2.SubjectName.Name returns the whole DN, not just the CN.
    public CertificateValidator(string expectedSubjectName)
    {
        _expectedSubjectName = expectedSubjectName;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        // Only the subject name is compared here; this method does not build or
        // verify the certificate chain, so trust/expiry/revocation must be checked
        // separately (or added to this method) before relying on it alone.
        if (certificate.SubjectName.Name != _expectedSubjectName)
        {
            throw new SecurityTokenValidationException("Invalid certificate");
        }
    }
}

Then you can hook it up to your service host: Creating a service that employs a custom certificate validator

serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
    X509CertificateValidationMode.Custom;
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator =
    new CertificateValidator(expectedCertificateName);

Take it from there.
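The validator in the answer compares only the subject name, and a subject name is chosen by whoever requests the certificate from the CA, so two clients issued by the same authority can carry the same CN. The following is an added example (not code from the original post or answer) of the same custom-validator approach that instead pins the exact certificate by its SHA-1 thumbprint and still builds the chain, so a different certificate from the same CA such as "Test 04" is rejected even though it chains correctly. It also shows the hookup on the `ServiceHost`, mirroring the answer's snippet. The class name `PinnedClientCertificateValidator`, the service type `MyService`, the base address, and the thumbprint value are assumptions for illustration; use the real thumbprint shown by certmgr.msc for "Test 01". (For reference, the `<certificate>` element under `serviceCredentials/clientCertificate` in the question's config selects the certificate the service uses to encrypt messages *to* the client in message-security scenarios; it does not restrict which client certificates are accepted.)

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example, not from the original post: rejects every client certificate
// except the one whose thumbprint is pinned, and still validates the chain.
public class PinnedClientCertificateValidator : X509CertificateValidator
{
    private readonly string _expectedThumbprint;
    private readonly X509RevocationMode _revocationMode;

    public PinnedClientCertificateValidator(string expectedThumbprint, X509RevocationMode revocationMode)
    {
        if (string.IsNullOrEmpty(expectedThumbprint))
            throw new ArgumentException("A thumbprint is required.", "expectedThumbprint");

        // Thumbprints copied from certmgr.msc often contain spaces; X509Certificate2.Thumbprint
        // is upper-case hex without spaces, so normalise to that form once.
        _expectedThumbprint = expectedThumbprint.Replace(" ", "").ToUpperInvariant();
        _revocationMode = revocationMode;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // 1. Identity: the thumbprint is the hash of the whole DER-encoded certificate,
        //    so it identifies this exact certificate, unlike a subject name that any
        //    requester can ask the CA for.
        if (!string.Equals(certificate.Thumbprint, _expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Client certificate " + certificate.Thumbprint + " is not the pinned certificate.");

        // 2. Trust: a pin says nothing about expiry or revocation, so still build the chain
        //    against the machine's trust store rather than skipping validation entirely.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = _revocationMode;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        if (!chain.Build(certificate))
        {
            var reasons = string.Join("; ",
                Array.ConvertAll(chain.ChainStatus, s => s.Status + ": " + s.StatusInformation.Trim()));
            throw new SecurityTokenValidationException("Client certificate chain failed: " + reasons);
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Assumed values: replace with the real "Test 01" thumbprint and your service type.
        const string test01Thumbprint = "A1 B2 C3 D4 E5 F6 07 18 29 3A 4B 5C 6D 7E 8F 90 A1 B2 C3 D4";

        using (var serviceHost = new ServiceHost(typeof(MyService), new Uri("https://localhost:443")))
        {
            var auth = serviceHost.Credentials.ClientCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator =
                new PinnedClientCertificateValidator(test01Thumbprint, X509RevocationMode.Online);

            serviceHost.Open();
            Console.WriteLine("Listening; only the pinned client certificate is accepted.");
            Console.ReadLine();
        }
    }
}

// Placeholder contract and implementation so the host has something to expose.
[ServiceContract]
public interface IMyService
{
    [OperationContract]
    string Ping();
}

public class MyService : IMyService
{
    public string Ping() { return "pong"; }
}
```

If you prefer to keep the hookup in configuration, set `certificateValidationMode="Custom"` and `customCertificateValidatorType="Namespace.Type, Assembly"` on the `<authentication>` element instead; WCF then instantiates the validator through a parameterless constructor, so the thumbprint would have to be read from configuration inside that constructor. When the certificate is rotated, the pin has to be updated at the same time, which is the price of pinning compared with a CA-level check.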
