我有一个WCF服务托管在IIS上。此服务使用wsHttpBinding X509认证身份验证和一切正常。现在我需要从Windows 2000机器访问此服务,问题是Framework 2.0不支持wsHttpBinding身份验证,但只支持basicHttpBinding。从Windows 2000 WCF客户端
我的问题:
是否有可能暴露在相同的服务两个不同的端点(WsHttpBinding的SSL认证X509和匿名basicHttpBinding的)(又名IIS应用程序)?
是不可能性写一个Windows 2000客户端应用程序通过的wsHttpBinding X509身份验证连接到WCF服务(任何语言接受)
<behaviors> <serviceBehaviors> <behavior name="CertBehavior"> <serviceMetadata httpsGetEnabled="False"/> <serviceCredentials> <serviceCertificate findValue="CertServices" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/> <clientCertificate> <authentication certificateValidationMode="PeerTrust"/> </clientCertificate> </serviceCredentials> </behavior> <behavior name="AnonBehavior"> <serviceMetadata httpGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="true"/> </behavior> </serviceBehaviors> </behaviors> <services> <service name="Server.Service1" behaviorConfiguration="CertBehavior"> <host> <baseAddresses> <add baseAddress="http://192.168.1.112:8732/Service"/> <add baseAddress="https://192.168.1.112/Service"/> </baseAddresses> </host> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="CertBinding" contract="Server.IService1"/> </service> </services>
////////// ////////////////////////////////////////////////// ///////////////////////////////
我已经尝试此配置:
<behaviors>
<endpointBehaviors>
<behavior name="basicHttpBehavior"/>
<behavior name="certWsBehavior">
<clientCredentials>
<clientCertificate findValue="Services" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="Services" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="Server.Service1">
<clear />
<endpoint address="" behaviorConfiguration="certWsBehavior" binding="wsHttpBinding" contract="Server.IService1">
</endpoint>
<!--endpoint address="/basic" binding="basicHttpBinding" bindingConfiguration="BasicAnonBinding" contract="Server.IService1" /-->
<host>
<baseAddresses>
<add baseAddress="http://192.168.1.112:8732/PcrService" />
<add baseAddress="https://192.168.1.112/PcrService" />
</baseAddresses>
</host>
</service>
</services>
个
千恩万谢, 里卡多
谢谢,但我的问题是我为所有端点配置定义了一个'serviceBehaviors'(请参阅代码)。相反,我必须定义一个没有X509认证且没有ssl加密的新端点。我怎样才能得到这个? – Riccardo 2012-07-27 08:15:42
您应该使用endpointBehavior而不是serviceBehavior并将X509证书仅应用于第一个端点。 – 2012-07-27 08:21:11
我已经试图定义一个终点行为,但它不起作用。你能告诉我新代码有什么问题吗?我怎样才能在IIS中设置ssl配置? (需要,接受,忽略??)谢谢。 – Riccardo 2012-07-27 08:50:56