using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Text;
namespace TTTT
{
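class Program
{
    /// <summary>
    /// Connects to the charge service over net.tcp with transport (TLS) security and
    /// certificate-based client authentication, sends one <c>CompositeType</c> request
    /// and prints the <c>StringValue</c> of the reply.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        NetTcpBinding bind = new NetTcpBinding(SecurityMode.Transport);
        bind.MaxConnections = 1 << 16;
        bind.MaxReceivedMessageSize = 1024 * 1024;
        bind.MaxBufferSize = 1024 * 1024;
        // Mutual TLS: this client authenticates with a certificate, and channel binding
        // (extended protection) is always required on the transport.
        bind.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        bind.Security.Transport.ExtendedProtectionPolicy =
            new System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy(
                System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always);

        // The DNS identity is what WCF compares against the server certificate's subject;
        // a server presenting a certificate for another name is rejected during the handshake.
        EndpointAddress endpointAddress = new System.ServiceModel.EndpointAddress(
            new Uri("net.tcp://localhost:56789/ChargeService"),
            EndpointIdentity.CreateDnsIdentity("SUPServer"));

        ServiceReference1.ChargeServiceClient csc = new ServiceReference1.ChargeServiceClient(bind, endpointAddress);
        bool closed = false;
        try
        {
            // SECURITY: the PFX is an embedded resource and its password is a literal in source,
            // so the private key ships with the binary. Loading the certificate from an X509Store
            // (or a protected configuration value) is the preferable arrangement.
            csc.ClientCredentials.ClientCertificate.Certificate =
                new System.Security.Cryptography.X509Certificates.X509Certificate2(Properties.Resources.SUPServer, "xxlonline");
            // Left disabled on purpose: validation mode None would accept any server certificate.
            //csc.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
            // Peer-channel credential setting; presumably has no effect on a net.tcp endpoint — confirm.
            csc.ClientCredentials.Peer.PeerAuthentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            // Revocation is not consulted for the server certificate, so a revoked server
            // certificate keeps being accepted until it expires.
            csc.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            //csc.ClientCredentials.ServiceCertificate.Authentication.CustomCertificateValidator = new SUPCertificateValidator();

            csc.Open();
            if (csc.State == CommunicationState.Opened)
            {
                var par = new ServiceReference1.CompositeType();
                par.BoolValue = true;
                par.StringValue = "唉";
                var re = csc.GetDataUsingDataContract(par);
                if (re != null)
                {
                    Console.Write(re.StringValue);
                }
            }

            // Close() ends the session gracefully. If it (or anything above) throws, the
            // channel is faulted and must be aborted rather than closed, hence the flag.
            csc.Close();
            closed = true;
        }
        finally
        {
            if (!closed)
            {
                csc.Abort();
            }
        }
    }

    /// <summary>
    /// Certificate validation: pins the remote certificate to one expected SHA-1 thumbprint.
    /// Chain building, validity period and revocation are not evaluated here.
    /// Currently not wired up by <see cref="Main"/> (the assignment is commented out).
    /// </summary>
    public class SUPCertificateValidator : System.IdentityModel.Selectors.X509CertificateValidator
    {
        /// <summary>Expected thumbprint, uppercase hex without separators, as <c>X509Certificate2.Thumbprint</c> reports it.</summary>
        private const string ExpectedThumbprint = "7CB7D4243FA03CB6264B742CB0B63557C0A7AD2A";

        /// <summary>
        /// Accepts <paramref name="certificate"/> only when its thumbprint equals <see cref="ExpectedThumbprint"/>.
        /// </summary>
        /// <param name="certificate">Certificate presented by the remote party.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">The thumbprint does not match.</exception>
        public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }
            // Ordinal, case-insensitive: the thumbprint is hex, its casing carries no meaning,
            // and a culture-sensitive comparison has no place in an identity check.
            if (!string.Equals(certificate.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase))
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("证书验证失败!");
            }
        }
    }
}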
}
服务端
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Text;
namespace ConsoleApplication1
{
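class Program
{
    /// <summary>
    /// Hosts <c>WcfServiceLibrary.Service1</c> at net.tcp://localhost:56789 with transport
    /// security and certificate client authentication, exposes a MEX endpoint, and keeps
    /// the host open until a key is pressed.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        ServiceHost m_Host = new ServiceHost(typeof(WcfServiceLibrary.Service1), new Uri("net.tcp://localhost:56789"));
        bool closed = false;
        try
        {
            //var binding = new NetTcpBinding(SecurityMode.None);
            var binding = new NetTcpBinding(SecurityMode.Transport);
            // Mutual TLS with channel binding always enforced; no message-level credential on top.
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
            binding.Security.Transport.ExtendedProtectionPolicy =
                new System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy(
                    System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

            ServiceMetadataBehavior m_ServiceMetadataBehavior = new ServiceMetadataBehavior();
            m_ServiceMetadataBehavior.MetadataExporter.PolicyVersion = PolicyVersion.Policy15; // metadata
            m_Host.Description.Behaviors.Add(m_ServiceMetadataBehavior);

            // Effectively no throttling: every limit is int.MaxValue (2147483647), so only
            // OS and socket limits bound the amount of concurrent work a peer can create.
            ServiceThrottlingBehavior m_ServiceThrottlingBehavior = new ServiceThrottlingBehavior();
            m_ServiceThrottlingBehavior.MaxConcurrentCalls = int.MaxValue;
            m_ServiceThrottlingBehavior.MaxConcurrentInstances = int.MaxValue;
            m_ServiceThrottlingBehavior.MaxConcurrentSessions = int.MaxValue;
            m_Host.Description.Behaviors.Add(m_ServiceThrottlingBehavior);

            // ServiceHost normally registers ServiceDebugBehavior itself; look it up and add it
            // when absent instead of dereferencing a possibly-null "as" cast.
            ServiceDebugBehavior debug = m_Host.Description.Behaviors.Find<ServiceDebugBehavior>();
            if (debug == null)
            {
                debug = new ServiceDebugBehavior();
                m_Host.Description.Behaviors.Add(debug);
            }
            // Returns exception details (stack traces included) to callers. Helpful while
            // developing; not a setting to leave on for an endpoint reachable by others.
            debug.IncludeExceptionDetailInFaults = true;

            ServiceCredentials m_ServiceCredentials = new ServiceCredentials();
            // SECURITY: PFX embedded as a resource with its password in source — the service's
            // private key ships with the binary. Prefer loading from an X509Store.
            m_ServiceCredentials.ServiceCertificate.Certificate =
                new System.Security.Cryptography.X509Certificates.X509Certificate2(Properties.Resources.SUPServer, "sssssss");
            // Client certificates are accepted solely by the thumbprint pin in SUPCertificateValidator:
            // no chain validation, and (below) no revocation check either.
            m_ServiceCredentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;
            m_ServiceCredentials.ClientCertificate.Authentication.CustomCertificateValidator = new SUPCertificateValidator();
            m_ServiceCredentials.ClientCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            m_Host.Description.Behaviors.Add(m_ServiceCredentials);

            m_Host.AddServiceEndpoint(typeof(WcfServiceLibrary.IService1), binding, "ChargeService");
            // The MEX endpoint uses the default mex tcp binding, which carries no client
            // authentication, so the contract is readable by anyone who can reach the port.
            m_Host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexTcpBinding(), "ChargeService/Mex");
            m_Host.Opened += delegate
            {
                Console.WriteLine("CalculaorService已经启动,按任意键终止服务!");
            };
            m_Host.Open();
            Console.Read();

            // Graceful shutdown; a host that failed to open or close must be aborted instead,
            // which is what the finally block does when this line is not reached.
            m_Host.Close();
            closed = true;
        }
        finally
        {
            if (!closed)
            {
                m_Host.Abort();
            }
        }
    }
}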
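/// <summary>
/// Certificate validation for client certificates: pins the presented certificate to one
/// expected SHA-1 thumbprint. Chain building, validity period and revocation are not
/// evaluated here, so this validator is the only check a client certificate gets.
/// </summary>
public class SUPCertificateValidator : System.IdentityModel.Selectors.X509CertificateValidator
{
    /// <summary>
    /// Expected thumbprint, uppercase hex without separators, as <c>X509Certificate2.Thumbprint</c>
    /// reports it. The value on this page is a placeholder and must be replaced with the real
    /// client certificate's thumbprint before the service is deployed.
    /// </summary>
    private const string ExpectedThumbprint = "3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

    /// <summary>
    /// Accepts <paramref name="certificate"/> only when its thumbprint equals <see cref="ExpectedThumbprint"/>.
    /// </summary>
    /// <param name="certificate">Certificate presented by the connecting client.</param>
    /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
    /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">The thumbprint does not match.</exception>
    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }
        // Ordinal, case-insensitive: the thumbprint is hex, its casing carries no meaning,
        // and a culture-sensitive comparison has no place in an identity check.
        if (!string.Equals(certificate.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            throw new System.IdentityModel.Tokens.SecurityTokenException("证书验证失败!");
        }
    }
}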
}
客户端