0
编辑:我有点忘了这个问题!我最终重映射配置,错误消失了,我找不到原因。WCF错误“HTTP请求被禁止客户认证方案'匿名'”
我有一个托管在IIS上的WCF服务,以及试图连接到它的Windows窗体客户端。
WCF服务应该是安全的,所以IIS web应用程序被配置为使用颁发给我们的开发环境的“本地主机”域(在域中的CA)颁发的证书。
IIS上的SSL设置被设置为“Require SSL”和“Client certificates = Require”。
的WCF服务使用自定义绑定,并在web.config的配置如下:
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
</diagnostics>
<services>
<service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
<!--<identity>
<dns value="localhost" />
</identity>-->
</endpoint>
<!--<host>
<baseAddresses>
<add baseAddress="http://localhost:8999/" />
</baseAddresses>
</host>-->
</service>
</services>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration">
<MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SpecificBehaviorType">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
为了使客户端能够连接到服务,我们将“localhost”证书导出为“localhost.cer”文件,并在我们的代码中使用该文件(这应该是另一个特定于客户端的可信证书,但w e正在使用本地主机进行测试)。 客户端配置是以编程方式完成的(根据我的知识,这里没有具体的原因)。
的客户端代码如下:
Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
'TODO: set quotas for message size
Dim binding As New CustomBinding()
binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
'TODO: make configurable to support both http and https
If isHttps Then
Dim httpsBinding As New HttpsTransportBindingElement
binding.Elements.Add(httpsBinding)
Else
Dim transport As New HttpTransportBindingElement()
binding.Elements.Add(transport)
End If
Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))
channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))
If isHttps Then
For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
If TypeOf channelFactory.Endpoint.Behaviors(counter) Is System.ServiceModel.Description.ClientCredentials Then
CType(channelFactory.Endpoint.Behaviors(counter), System.ServiceModel.Description.ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
Exit For
End If
Next
End If
channelFactory.Open()
Dim channel = channelFactory.CreateChannel()
channel.Open()
现在的问题是,一旦我们尝试建立连接,我们得到
“HTTP请求被客户端身份验证方案‘匿名’禁止”我们试图改变:
httpsBinding.AuthenticationScheme
,但没有用。
我错过了什么?