
c# - How do I implement WCF security with a self-signed certificate?

Reposted. Author: 行者123. Updated: 2023-11-30 15:46:12

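I Googled how to secure my WCF service with certificates and found a bunch of articles, but I can't decide which one is easy to follow. Also, when I type the commands, some of the tools are available in the Visual Studio command prompt and some are not. Can anyone tell me the exact steps or give me some good links?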

Thanks in advance :)

Best answer

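The hardest part is the configuration. Otherwise, the task is just creating the client and server certificates and installing them. I assume you know how to do that. The certificates must be placed in the Trusted People store. Pasted below is a mostly stripped-down configuration. I have used it successfully (you have to replace values like "address here", so go through this configuration line by line and decide what you want to name things). I put it together with the help of two tutorials, but I no longer have the links.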

<system.serviceModel>
  <services>
    <service name="MyService" behaviorConfiguration="MyServiceBehavior">
      <endpoint name="MyServiceEndpoint" address="" binding="netTcpBinding" bindingConfiguration="MyServiceBinding" contract="IMyContract"/>
      <host>
        <baseAddresses>
          <add baseAddress="address here"/>
        </baseAddresses>
      </host>
    </service>
  </services>
  <client>
    <endpoint name="MyClientEndpoint" address="address here" behaviorConfiguration="ClientCertificateBehavior" binding="netTcpBinding" bindingConfiguration="MyClientBinding" contract="IMyContract">
      <identity>
        <dns value="ServerCertificate"/>
      </identity>
    </endpoint>
  </client>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyServiceBehavior">
        <serviceMetadata/>
        <!--need this for mex to work properly!-->

        <!--
        The serviceCredentials behavior allows you to define a service certificate.
        A service certificate is used by the service to authenticate itself to its clients and to provide message protection.
        This configuration references the certificate with subject name "ServerCertificate" in the CurrentUser\My store.
        -->
        <serviceCredentials>
          <serviceCertificate findValue="ServerCertificate" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
          <clientCertificate>
            <!--
            Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate
            is in the user's Trusted People store, then it is trusted without performing a
            validation of the certificate's issuer chain. This setting is used here for convenience so that the
            sample can be run without having certificates issued by a certificate authority (CA).
            This setting is less secure than the default, ChainTrust. The security implications of this
            setting should be carefully considered before using PeerOrChainTrust in production code.
            -->
            <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="CurrentUser"/>
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="ClientCertificateBehavior">
        <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
        <!--
        The clientCredentials behavior allows you to define a certificate to present to a service.
        A certificate is used by a client to authenticate itself to the service and provide message integrity.
        This configuration references the certificate with subject name "WFCClient" in the CurrentUser\My store.
        -->
        <clientCredentials>
          <clientCertificate findValue="WFCClient" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
          <serviceCertificate>
            <!--
            Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate
            is in the user's Trusted People store, then it is trusted without performing a
            validation of the certificate's issuer chain. This setting is used here for convenience so that the
            sample can be run without having certificates issued by a certificate authority (CA).
            This setting is less secure than the default, ChainTrust. The security implications of this
            setting should be carefully considered before using PeerOrChainTrust in production code.
            -->
            <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="CurrentUser"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <netTcpBinding>
      <binding name="MyClientBinding" maxConnections="25000" listenBacklog="25000" portSharingEnabled="false" closeTimeout="00:05:00" openTimeout="00:05:00" sendTimeout="24:11:30" transferMode="Buffered" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2097152000" maxReceivedMessageSize="2097152000" maxBufferPoolSize="2097152000">
        <readerQuotas maxStringContentLength="2000000000" maxArrayLength="2000000000" maxDepth="2000000000" maxBytesPerRead="2000000000" maxNameTableCharCount="2000000000"/>
        <security mode="Transport">
          <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
      <binding name="MyServiceBinding" maxConnections="25000" listenBacklog="25000" portSharingEnabled="false" closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="24:12:35" transferMode="Buffered" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="10485760" maxReceivedMessageSize="10485760" maxBufferPoolSize="104857600">
        <readerQuotas maxStringContentLength="2000000000" maxArrayLength="2000000000" maxDepth="2000000000" maxBytesPerRead="2000000000" maxNameTableCharCount="2000000000"/>
        <security>
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
</system.serviceModel>
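
The answer assumes the certificates already exist and sit in the Trusted People store. As an added example (not part of the original answer), this PowerShell sketch creates the two self-signed certificates named in the configuration above, pins each one's public half in CurrentUser\TrustedPeople, and reports the result. Assumptions: Windows 10 / Server 2016 or later, client and service running as the same user on one machine, a legacy CSP chosen for compatibility with older .NET Framework builds, `.cer` files written under `$env:TEMP`; `New-WcfPeerCert` and `Publish-PublicCert` are hypothetical helper names.

```powershell
# Added example: subject names match the config above; helper names and paths are assumptions.
$ErrorActionPreference = 'Stop'
$my      = 'Cert:\CurrentUser\My'
$trusted = 'Cert:\CurrentUser\TrustedPeople'

function New-WcfPeerCert {
    param([string]$SubjectName, [string]$EkuOid)
    # FindBySubjectName is a case-insensitive substring search, and WCF refuses to
    # load credentials when more than one certificate matches, so stop on duplicates.
    $existing = @(Get-ChildItem $my | Where-Object { $_.Subject -like "*$SubjectName*" })
    if ($existing.Count -gt 0) { throw "A certificate matching '$SubjectName' already exists in $my" }

    New-SelfSignedCertificate -Subject "CN=$SubjectName" -CertStoreLocation $my `
        -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyExportPolicy NonExportable -KeySpec KeyExchange `
        -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
        -KeyUsage DigitalSignature, KeyEncipherment `
        -TextExtension @("2.5.29.37={text}$EkuOid") `
        -NotAfter (Get-Date).AddYears(1)
}

function Publish-PublicCert {
    param($Cert, [string]$Path)
    # Only the public certificate (.cer) is exported; the private key stays in My.
    Export-Certificate -Cert $Cert -FilePath $Path -Type CERT | Out-Null
    Import-Certificate -FilePath $Path -CertStoreLocation $trusted | Out-Null
}

$server = New-WcfPeerCert -SubjectName 'ServerCertificate' -EkuOid '1.3.6.1.5.5.7.3.1'  # serverAuth
$client = New-WcfPeerCert -SubjectName 'WFCClient'         -EkuOid '1.3.6.1.5.5.7.3.2'  # clientAuth

# With PeerOrChainTrust, presence in TrustedPeople is what makes the peer trusted.
Publish-PublicCert -Cert $server -Path "$env:TEMP\ServerCertificate.cer"
Publish-PublicCert -Cert $client -Path "$env:TEMP\WFCClient.cer"

# Report: each identity needs a private key in My and a pinned copy in TrustedPeople.
foreach ($c in $server, $client) {
    [pscustomobject]@{
        Subject       = $c.Subject
        HasPrivateKey = $c.HasPrivateKey
        Pinned        = Test-Path (Join-Path $trusted $c.Thumbprint)
        NotAfter      = $c.NotAfter
    }
}
```

When client and service run on different machines, copy only the `.cer` file to the other side and import it into that account's TrustedPeople store.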

Regarding "c# - How do I implement WCF security with a self-signed certificate?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/4479019/
