1. Creating the certificates
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingClient -sky exchange -pe
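Note: after the certificates are created, read permissions for them still have to be configured.
For WCF to use X.509 certificates, both the server and the client configuration need corresponding changes.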
2. Server-side changes
behavior node:
<behavior name="CustomBehavior">
  <serviceMetadata httpGetEnabled="true" />
  <!-- Returns exception details to callers in faults -->
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceCredentials>
    <clientCertificate>
      <!-- None: the client certificate is not validated -->
      <authentication certificateValidationMode="None" />
    </clientCertificate>
    <!-- Service certificate created in step 1 (CN=ParkingServer) -->
    <serviceCertificate findValue="ParkingServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
  </serviceCredentials>
</behavior>
binding node:
<wsHttpBinding>
  <binding name="CustomWsHttpBinding">
    <!-- Message security with a certificate as the client credential -->
    <security mode="Message">
      <message clientCredentialType="Certificate" />
    </security>
  </binding>
</wsHttpBinding>
service node:
<service name="WcfService1.Service1" behaviorConfiguration="CustomBehavior">
  <endpoint address="" binding="wsHttpBinding" bindingConfiguration="CustomWsHttpBinding" contract="WcfService1.IService1">
    <identity>
      <dns value="ParkingServer" />
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
3. Client-side changes
client endpoint node:
<endpoint address="http://localhost:60909/Service2.svc" binding="basicHttpBinding" behaviorConfiguration="CustomBehavior2" bindingConfiguration="BasicHttpBinding_IService2" contract="ServiceReference2.IService2" name="BasicHttpBinding_IService2">
  <!-- Expected identity of the service: the subject name of its certificate -->
  <identity>
    <dns value="ParkingServer" />
  </identity>
</endpoint>
bindings node:
<basicHttpBinding>
  <binding name="BasicHttpBinding_IService2">
    <security mode="Message">
      <message clientCredentialType="Certificate" />
    </security>
  </binding>
</basicHttpBinding>
behavior node:
The content of the behavior node differs between wsHttpBinding and basicHttpBinding. With basicHttpBinding there is one additional setting, defaultCertificate.
basicHttpBinding:
<behavior name="CustomBehavior2">
  <clientCredentials>
    <!-- findValue must match the subject name of the client certificate in LocalMachine\My -->
    <clientCertificate findValue="zoesoft" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
    <serviceCertificate>
      <!-- None: the service certificate is not validated -->
      <authentication certificateValidationMode="None" />
      <defaultCertificate findValue="ParkingServer" storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
    </serviceCertificate>
  </clientCredentials>
</behavior>
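wsHttpBinding:
<behavior name="CustomBehavior">
  <clientCredentials>
    <!-- findValue must match the subject name of the client certificate in LocalMachine\My -->
    <clientCertificate findValue="zoesoft" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
    <serviceCertificate>
      <!-- None: the service certificate is not validated -->
      <authentication certificateValidationMode="None" />
    </serviceCertificate>
  </clientCredentials>
</behavior>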
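The behaviors above set certificateValidationMode="None" on both sides, so neither peer's certificate is checked. The following added example (not part of the original post) shows the same wsHttpBinding behaviors with validation turned on for the self-signed certificates from step 1. It assumes the client uses the ParkingClient certificate and that each side has imported the other side's public certificate into its LocalMachine\TrustedPeople store.

```xml
<!-- Server config, serviceBehaviors fragment (added example) -->
<behavior name="CustomBehavior">
  <serviceMetadata httpGetEnabled="true" />
  <!-- Keep exception details out of faults outside debugging -->
  <serviceDebug includeExceptionDetailInFaults="false" />
  <serviceCredentials>
    <clientCertificate>
      <!-- Weak setting, no validation of the client certificate:
           <authentication certificateValidationMode="None" /> -->
      <!-- PeerTrust: accept only certificates found in TrustedPeople.
           Assumption: ParkingClient's public certificate was imported
           into LocalMachine\TrustedPeople on the server. -->
      <authentication certificateValidationMode="PeerTrust"
                      trustedStoreLocation="LocalMachine" />
    </clientCertificate>
    <serviceCertificate findValue="ParkingServer"
                        storeLocation="LocalMachine"
                        storeName="My"
                        x509FindType="FindBySubjectName" />
  </serviceCredentials>
</behavior>

<!-- Client config, endpointBehaviors fragment (added example) -->
<behavior name="CustomBehavior">
  <clientCredentials>
    <!-- Assumption: the client authenticates with CN=ParkingClient from step 1 -->
    <clientCertificate findValue="ParkingClient"
                       x509FindType="FindBySubjectName"
                       storeLocation="LocalMachine"
                       storeName="My" />
    <serviceCertificate>
      <!-- Weak setting, no validation of the service certificate:
           <authentication certificateValidationMode="None" /> -->
      <!-- Assumption: ParkingServer's public certificate was imported
           into LocalMachine\TrustedPeople on the client. -->
      <authentication certificateValidationMode="PeerTrust"
                      trustedStoreLocation="LocalMachine" />
    </serviceCertificate>
  </clientCredentials>
</behavior>
```

For certificates issued by a certificate authority rather than makecert, certificateValidationMode="ChainTrust" validates the chain to a trusted root instead of relying on the TrustedPeople store.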