gpt4 book ai didi

IIS7 共享主机上的 WCF 身份验证

转载 作者:行者123 更新时间:2023-12-04 06:24:08 25 4
gpt4 key购买 nike

经过几天的测试,我发现创建带有身份验证的 WCF Web 服务的唯一方法是将证书放在 localmachine/trustedpeople 证书存储中。主人不会为我做这件事。您知道有什么方法可以在不将证书放入该商店的情况下启用 WCF 身份验证吗?有没有其他方法可以让 WCF 安全在共享主机上工作?

我已经在 codeproject 上使用了一个示例,该示例将证书放入 app_data 中,但我无法使其正常工作。

最佳答案

我在本地 IIS 上做了一些非常简单的测试。我使用单一方法提供非常简单的服务。要公开服务,我使用此配置:

<configuration>
<appSettings>
<add key="CertificatePath" value="D:\Applications\CertificateFromFile\App_Data\ServerCert.pfx" />
<add key="CertificatePassword" value="password" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CertificateFromFile.MyPasswordValidator, CertificateFromFile" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<clear />
<add scheme="http" binding="wsHttpBinding" />
</protocolMapping>
<bindings>
<wsHttpBinding>
<binding>
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="false" negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<serviceActivations>
<add service="CertificateFromFile.MyService" factory="CertificateFromFile.MyServiceHostFactory" relativeAddress="Service.svc" />
</serviceActivations>
</serviceHostingEnvironment>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>

配置定义:
  • 两个自定义 appSettings 描述证书和密码的路径。
  • 具有基于配置的激活的单个服务 - 它将具有需要消息级别身份验证的 wsHttpBinding(通过 protocolMapping 定义)的默认端点。
  • 定义自定义密码验证器但没有服务证书的默认行为!
  • 使用自定义 ServiceHostFactory 在自定义服务主机上激活服务。

  • 加载证书的整个魔术是在自定义服务主机和服务主机工厂中完成的:
    namespace CertificateFromFile
    {
    public class MyServiceHostFactory : ServiceHostFactory
    {
    protected override System.ServiceModel.ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
    string path = ConfigurationManager.AppSettings["CertificatePath"];
    string password = ConfigurationManager.AppSettings["CertificatePassword"];
    return new MyServiceHost(serviceType, path, password, baseAddresses);
    }
    }

    public class MyServiceHost : ServiceHost
    {
    private readonly string _certificatePath;
    private readonly string _certificatePassword;

    public MyServiceHost(Type serviceType, string certificatePath, string certificatePassword, params Uri[] baseAddresses)
    : base(serviceType, baseAddresses)
    {
    _certificatePath = certificatePath;
    _certificatePassword = certificatePassword;
    }

    protected override void OnOpening()
    {
    base.OnOpening();

    var certificate = new X509Certificate2(_certificatePath, _certificatePassword);
    var credentials = Description.Behaviors.Find<ServiceCredentials>();
    credentials.ServiceCertificate.Certificate = certificate;
    }
    }
    }

    关于IIS7 共享主机上的 WCF 身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6216953/

    25 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com