如何解决带有证书的 WCF net tcp,客户端-服务器连接失败
我有 WCF 服务,安全模式设置为消息,clientCredentialType 设置为证书。 尝试连接时出现以下异常:
异常消息:无法请求安全令牌 满意,因为身份验证失败。
这是 WCF 日志:
X.509 证书 CN=Client.Product.local,O=My Company Ltd,OU="",S="",L="",C=""; 7C02D26E1C59558A51C3CDC02CB36C280E50BA24 链构建失败。使用的证书具有信任链 无法验证。更换证书或更改 证书验证模式。吊销功能无法检查 撤销证书
这是相关的代码:
// 服务器设置
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
public void Init()
{
Uri baseAddress = new Uri("net.tcp://localhost:8632/TestService");
ServiceHost host = new ServiceHost(typeof(ReconCommService.ReconstructionService),new Uri[] { baseAddress } );
try
{
host.Credentials.ServiceCertificate.Certificate = CertificateManager.VCertificate.CertifciateOf.ServerCert();
host.open();
Console.WriteLine("The service is ready at {0}",baseAddress);
}
}
public X509Certificate2 ServerCert()
{
var store = new X509Store(StoreName.My,StoreLocation.LocalMachine);
//var store = new X509Store("Product",StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certCollection = store.Certificates;
var cn = "CN=Server.Product.local,OU=\"\",S=\"\",L=\"\",C=\"\"";
var currentCerts = certCollection.Find(X509FindType.FindBySubjectdistinguishedname,cn,false);
return currentCerts.Count == 0 ? null : currentCerts[0];
}
// 客户端设置
public void Init()
{
binding = new NetTcpBinding();
binding.Name = "NetTcpBindingEndpoint";
binding.MaxBufferSize = int.MaxValue;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.ReceiveTimeout = new TimeSpan(5,0);
binding.OpenTimeout = new TimeSpan(0,10);
binding.SendTimeout = connectionTimeout;
binding.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
binding.ReaderQuotas.MaxDepth = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
binding.ReaderQuotas.MaxNaMetableCharCount = int.MaxValue;
binding.ReliableSession.InactivityTimeout = inactivityTimeout;
binding.ReliableSession.Enabled = true;
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
string uriStr = "net.tcp://127.0.0.1:8632/TestServiceService";
endpointAddress = new EndpointAddress(uriStr);
factory = new DuplexChannelFactory<IReconstructionService>(ctx,binding,endpointAddress);
factory.Credentials.ClientCertificate.Certificate = CertificateManager.VCertificate.CertifciateOf.ClientCert();
}
public X509Certificate2 ClientCert()
{
var store = new X509Store(StoreName.My,StoreLocation.LocalMachine);
//var store = new X509Store("Product",StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certCollection = store.Certificates;
var cn = "CN=Client.Product.local,false);
return currentCerts.Count == 0 ? null : currentCerts[0];
}
// Exception occurs when try to establish connection in ->> ((IChannel)channel).EndOpen(ar)
public IReconstructionService CLientProxy
{
get
{
if (System.Net.ServicePointManager.SecurityProtocol == (SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls))
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
// --- This is a workaround for reducing the connection timeouts without touching the sendTimeout
IReconstructionService channel = factory.CreateChannel();
var ar = ((IChannel)channel).Beginopen(null,null);
if (!ar.AsyncWaitHandle.WaitOne(factory.Endpoint.Binding.OpenTimeout,true))
{
throw new TimeoutException("Service is not available");
}
((IChannel)channel).EndOpen(ar); <<-- Exception
myChannel = channel;
return channel;
// ---- If it's making any problems --> comment this code and return above 2 commented lines
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。