WCF authentication and the definitive fix for "cannot find the X.509 certificate" (tested and working)

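I have been looking into WCF authentication recently and ran into quite a few problems.

Most of the articles online cover certificate-based authentication, so let's start the same way and generate a certificate first.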

 

    makecert -sr LocalMachine -ss My -n CN=MyServer -sky exchange -pe

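Note that an error similar to the following may occur here:

    Error: Can't create the key of the subject ('bd4f5866-b309-42b6-b58b-8ba355ddbac5') Failed

The fix is to first grant certain accounts (such as network service, aspnet, iusr_machinename) permissions on the folder "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys".

You can open the certificate management console (add the "Certificates" snap-in in mmc) to check whether the certificate was added successfully.

If the certificate is shown as untrusted, export a copy of the generated certificate and import it into "Trusted Root Certification Authorities".

At this point the certificate is ready.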

 

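1. First, write a WCF service

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.ServiceModel;

    [ServiceContract]
    public interface IRSQLHepler
    {
        [OperationContract]
        object GetSingle(string SQLString);

        [OperationContract]
        int ExecuteSql(string SQLString);

        [OperationContract]
        DataSet Query(string strSQL, CommandType cmdType, params SqlParameter[] parameters);
    }

    public class RSQLHepler : IRSQLHepler
    {
        // The method bodies are left empty in the original post.
        public int ExecuteSql(string SQLString) { throw new NotImplementedException(); }

        public object GetSingle(string SQLString) { throw new NotImplementedException(); }

        public DataSet Query(string strSQL, CommandType cmdType, params SqlParameter[] parameters)
        {
            throw new NotImplementedException();
        }
    }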

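2. To use username/password authentication, implement the abstract class UserNamePasswordValidator

    using System.IdentityModel.Selectors;

    public class CustomUserPassword : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Left empty in the original post. WCF treats a normal return as
            // success, so the credential check placed here must throw (for
            // example a SecurityTokenException) when the pair is not valid.
        }
    }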

3. Server configuration

    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <binding name="EndpointBinding">
            <security mode="Message">
              <transport clientCredentialType="None" />
              <message clientCredentialType="UserName" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
      <services>
        <service behaviorConfiguration="RemoteSQLHelper.RSQLHeplerBehavior" name="RemoteSQLHelper.RSQLHepler">
          <endpoint address="" binding="wsHttpBinding" contract="RemoteSQLHelper.IRSQLHepler" bindingConfiguration="EndpointBinding">
            <identity>
              <dns value="MyServer" />
            </identity>
          </endpoint>
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="RemoteSQLHelper.RSQLHeplerBehavior">
            <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
            <serviceMetadata httpGetEnabled="true" />
            <!-- To receive exception details in faults for debugging, set the value below to true. Set it to false before deployment to avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="true" />
            <serviceCredentials>
              <clientCertificate>
                <authentication certificateValidationMode="None" />
              </clientCertificate>
              <serviceCertificate findValue="MyServer" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
              <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RemoteSQLHelper.CustomUserPassword, RemoteSQLHelper" />
            </serviceCredentials>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

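The WCF service is now complete.

4. Calling it from the client

    // requires: using System.ServiceModel.Security;
    RSQLHeplerClient client = new RSQLHeplerClient();
    // None turns off validation of the service certificate on the client;
    // it is used here because the makecert certificate is a test certificate.
    client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
        X509CertificateValidationMode.None;
    client.ClientCredentials.UserName.UserName = "admin";
    client.ClientCredentials.UserName.Password = "*******";
    object len = client.GetSingle("****");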

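Some people will think of adding the certificate to the "CURRENT_USER" store instead. That works while debugging, but under IIS the certificate cannot be found.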

 

Note:

 http://support.microsoft.com/kb/901183/zh-cn
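
The store-location problem described above can be checked directly. The following diagnostic is an added example, not code from the original post: it repeats the lookup from the `serviceCertificate` element in both store locations and then tries to open the private key, so it should be run under the account that hosts the service. The class and method names are hypothetical, and the store name `My` is assumed from the makecert command.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added diagnostic, not part of the original post. Targets .NET Framework.
static class ServiceCertCheck   // hypothetical name
{
    // Same lookup as <serviceCertificate findValue="MyServer"
    // x509FindType="FindBySubjectName" />; store name "My" is assumed.
    static string Check(StoreLocation location, string subjectName)
    {
        var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly=false: a makecert test certificate may not chain to a trusted root.
            // FindBySubjectName is a substring match, so several certificates can match.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0) return "not found";
            if (found.Count > 1) return "ambiguous, " + found.Count + " matches";
            if (!found[0].HasPrivateKey) return "found, but without a private key";
            try
            {
                // Opening the key throws when this account lacks read access to the
                // key file (for LocalMachine: under ...\Crypto\RSA\MachineKeys).
                AsymmetricAlgorithm key = found[0].PrivateKey;
                return key != null ? "ok" : "private key type not supported";
            }
            catch (CryptographicException ex)
            {
                return "private key not readable: " + ex.Message;
            }
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine("Running as " + WindowsIdentity.GetCurrent().Name);
        foreach (StoreLocation loc in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
            Console.WriteLine(loc + "\\My: " + Check(loc, "MyServer"));
    }
}
```

A result of "ok" for CurrentUser together with "not found" for LocalMachine is the situation that passes in the debugger and fails under IIS.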
