WCF self-hosted service with X.509 certificate: connection error

I have a self-hosted WCF service running on Windows XP and am trying to use certificates for message security, configured through the service and client config files. Both the service and the client run on the same machine, and I have created certificates for both using makecert.exe. Everything worked with clientCredentialType="Windows", but after I changed the configuration files to use certificates it stopped working. When the client tries to connect to the service, I get the following exception:

Exception Type: System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Message: Incoming binary negotiation has invalid ValueType http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego.

My configuration settings are:

Service config:

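<?xml version="1.0" encoding="utf-8" ?>
<!-- Service-side WCF configuration: one wsHttpBinding endpoint that uses message
     security with certificate client credentials, plus a metadata (mex) endpoint. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding0" closeTimeout="00:10:00" sendTimeout="00:10:00">
          <!-- No mode attribute is set here, so the wsHttpBinding default (Message) applies;
               the client config states mode="Message" explicitly. -->
          <security>
            <!-- <transport clientCredentialType="Certificate"/> -->
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CommMgr.ServiceBehavior">
          <!-- Publishes service metadata over plain HTTP GET. -->
          <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
          <!-- Debugging aid: exception details are returned to callers inside faults.
               Set to false outside of troubleshooting so internals are not disclosed. -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <!--
              <authentication certificateValidationMode="PeerTrust"/>
              -->
              <!-- Review note: with validation mode None the service does not validate the
                   client certificate, so certificate credentials give no real assurance of
                   who the caller is. Acceptable only while isolating the connection error;
                   restore PeerTrust (above) or chain validation afterwards. -->
              <authentication certificateValidationMode="None"/>
            </clientCertificate>
            <!-- The service certificate is looked up in the CurrentUser/My store, so the host
                 process has to run as the user that owns the certificate and its private key.
                 FindBySubjectName matches on subject text; FindByThumbprint pins exactly
                 one certificate. -->
            <serviceCertificate findValue="WcfServer" storeLocation="CurrentUser"
              storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="CommMgr.Service" behaviorConfiguration="CommMgr.ServiceBehavior">
        <!-- NOTE(review): this absolute address uses port 8002, while the base address below
             and the client endpoint in this question use port 8080. Confirm which port is
             intended so the client reaches the endpoint that carries this binding. -->
        <endpoint address="http://localhost:8002/Service"
                  binding="wsHttpBinding"
                  name="DataService"
                  bindingNamespace="CommMgr"
                  contract="CommMgr.Service"
                  bindingConfiguration="wsHttpBinding0">
          <!--
          <identity>
            <dns value="localhost"/>
          </identity>
          -->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8080/Service/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <!-- The pasted config left this element unclosed, which makes the file malformed XML;
       it is written as an empty element here because its content is not shown. -->
  <connectionStrings />
</configuration>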

Client config:

<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side WCF configuration: a wsHttpBinding with message security and
     certificate client credentials, bound to a single client endpoint. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_Service"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:01:00"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288"
                 maxReceivedMessageSize="65536"
                 messageEncoding="Text"
                 textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="16384"
                        maxArrayLength="16384"
                        maxBytesPerRead="4096"
                        maxNameTableCharCount="16384" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <!-- <transport clientCredentialType="Certificate"/> -->
            <!-- With mode="Message" the transport element below is presumably not what
                 secures the exchange; the message element carries the credential settings. -->
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <!-- negotiateServiceCredential="true": the client obtains the service credential
                 through negotiation instead of having it provisioned out of band. The error
                 in this question names the tlsnego value type. -->
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <!-- Client certificate is looked up by subject text in CurrentUser/My;
                 FindByThumbprint would pin exactly one certificate. -->
            <clientCertificate findValue="WcfClient"
                               storeLocation="CurrentUser"
                               storeName="My"
                               x509FindType="FindBySubjectName" />
            <serviceCertificate>
              <!--
              <authentication certificateValidationMode="PeerTrust"/>
              -->
              <!-- Review note: validation mode None means the client does not validate the
                   service certificate. Use only while isolating the connection error, then
                   restore PeerTrust (above) or chain validation. -->
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <!-- NOTE(review): this address uses port 8080; the service config in this question
           declares its wsHttpBinding endpoint on port 8002. Confirm the two agree. -->
      <endpoint address="http://localhost:8080/Service"
                behaviorConfiguration="ClientCertificateBehavior"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_Service"
                contract="ServiceReference.Service"
                name="WSHttpBinding_Service">
        <identity>
          <!-- <dns value="WcfServer" /> -->
          <!-- Expected service identity, given as an encoded certificate; the actual
               value is not shown on this page. -->
          <certificate encodedValue="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"/>
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

尝试关闭绑定中的negotiateServiceCredential设置:

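<!-- Binding fragment for the suggested change: turn off service credential negotiation.
     clientCredentialType is kept as Certificate to match the configs in the question.
     With negotiateServiceCredential="false" the service certificate is not obtained through
     negotiation, so it must already be available to the client out of band (the question's
     client config supplies one through the endpoint identity element). The setting
     presumably has to agree between the service binding and the client binding. -->
<wsHttpBinding>
  <binding>
    <security mode="Message">
      <message clientCredentialType="Certificate" negotiateServiceCredential="false" />
    </security>
  </binding>
</wsHttpBinding>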