Question about using X509 certificates in WCF, very urgent!!

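  • Question

  • Previously, when I worked with X509 certificates, I added a configuration file to both the server program and the client program and put the X509 certificate information in it,

    Server: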

          <serviceBehaviors>
            <behavior name="Server.MyServiceBehavior">
              <serviceMetadata httpGetEnabled="true" httpGetUrl="http://localhost:8080" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceCredentials>
                <clientCertificate>
                  <authentication certificateValidationMode="Custom" customCertificateValidatorType="Server.CustomX509CertificateValidator,Server"/>
                </clientCertificate>
                <serviceCertificate findValue="MyServer" storeLocation="CurrentUser"
                  x509FindType="FindBySubjectName" />
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>

    Client:

           <endpointBehaviors>
              <behavior name="NewBehavior">
                <!-- Certificate settings -->
                <clientCredentials>
                  <clientCertificate findValue="MyClient" x509FindType="FindBySubjectName"/>
                  <serviceCertificate>
                    <authentication certificateValidationMode="None" />
                  </serviceCertificate>
                </clientCredentials>
              </behavior>
            </endpointBehaviors>     

    Then I wrote an X509 certificate validation class,

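        using System;
        using System.IdentityModel.Selectors;
        using System.IdentityModel.Tokens;
        using System.Security.Cryptography.X509Certificates;

        public class CustomX509CertificateValidator : X509CertificateValidator
        {
            // Called by WCF for the certificate the client presents.
            public override void Validate(X509Certificate2 certificate)
            {
                if (certificate == null)
                {
                    throw new ArgumentNullException("certificate");
                }

                Console.WriteLine("验证开始");   // "Validation started"
                Console.Write("证书名为:");      // "Certificate subject:"
                Console.WriteLine(certificate.Subject);
                Console.Write("证书指纹:");      // "Certificate thumbprint:"
                Console.WriteLine(certificate.Thumbprint);

                // Thumbprint of the expected client certificate.
                string aa = "A13671CB4509F32B9CA66CFE2B580192CBEFBD97";

                if (certificate.Thumbprint == aa)
                {
                    Console.WriteLine("用户验证成功");   // "User validated successfully"
                }
                else
                {
                    // Throwing rejects the client.
                    throw new SecurityTokenException("Certificate Validation Error!");
                }

                Console.WriteLine("验证结束");   // "Validation finished"
            }
        }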

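    The purpose here is to validate against the client certificate's thumbprint, which is already known.

    But I noticed that the client code contains no code that provides the certificate to the server? So how does the server validate it? I hope someone can help clear this up for me, thanks.

    Also: later, if we build a website and call the WCF service through a URL, how do we verify whether the client is authorized?

    July 24, 2012, 11:55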
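An added example, not part of the original post: the programmatic equivalent of the client-side configuration above, showing that the `<clientCertificate>` element is what selects the certificate WCF presents during the security handshake, and printing the thumbprint the server's validator will receive. `IMyService`, the endpoint address and the wsHttpBinding message-security binding are assumptions (the post shows no binding), and service-certificate validation is set to `ChainTrust` rather than the post's `None`.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract; the post does not show the service interface.
[ServiceContract]
public interface IMyService
{
    [OperationContract]
    string Ping();
}

public static class ClientCredentialDemo
{
    public static ChannelFactory<IMyService> CreateFactory()
    {
        // Assumed binding: message security with certificate client credentials.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        // Assumed address; the DNS identity matches the service certificate subject "MyServer".
        var address = new EndpointAddress(
            new Uri("http://localhost:8000/MyService"),
            EndpointIdentity.CreateDnsIdentity("MyServer"));

        var factory = new ChannelFactory<IMyService>(binding, address);

        // Same effect as <clientCertificate findValue="MyClient" x509FindType="FindBySubjectName"/>.
        // WCF attaches this certificate itself, so no per-call code is needed.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, "MyClient");

        // Validate the service certificate instead of certificateValidationMode="None".
        // ChainTrust needs a trusted issuer; for self-issued test certificates,
        // PeerTrust with the certificate in TrustedPeople is the usual alternative.
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
        return factory;
    }

    public static void Main()
    {
        var factory = CreateFactory();
        // The value the server-side Validate() compares against its expected thumbprint.
        Console.WriteLine(factory.Credentials.ClientCertificate.Certificate.Thumbprint);
    }
}
```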

All replies