c# – WCF HTTPS SSL自托管证书.如何正确工作?

我正在努力使用WCF和在IIS中注册的自签名证书将Silverlight应用程序从HTTP转换为HTTPS.

我在Visual Studio 2010命令提示符中进行的调用:

makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a
    sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine    

makecert -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n
    CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr
    localmachine -sky exchange -sp
    "Microsoft RSA SChannel Cryptographic Provider" -sy 12

我将此作为终点(这是Fiddler中仍然不是HTTP的调用)

<!-- Address that the Silverlight clients will connect to -->
<!-- as specified in their web.config -->
<add key="gatewayListeningHttpURI" value="http://localhost:10201/" />

当前服务器配置:

    
    
      
        
      
    

<!-- set up binding for duplex service -->
<bindings>
  <customBinding>
    <binding name="customDuplexBinding">
      <pollingDuplex duplexMode="MultipleMessagesPerPoll"
           maxOutputDelay="00:00:01"
   serverPollTimeout="00:01:00"
   inactivityTimeout="02:00:00"
   maxPendingMessagesPerSession="2147483647"
   maxPendingSessions="2147483647" />
      <binaryMessageEncoding>
        <readerQuotas
          maxDepth="2147483647"
          maxStringContentLength="2147483647"
          maxArrayLength="2147483647"
          maxBytesPerRead="2147483647"
          maxNameTableCharCount="2147483647" />
      </binaryMessageEncoding>
      <httpTransport
  maxBufferSize="2147483647"
  maxReceivedMessageSize="2147483647"
  transferMode="StreamedResponse"
            />
    </binding>
  </customBinding>

</bindings>

<behaviors>
  <endpointBehaviors>
    <!-- For Policy Service -->
    <behavior name="webHttpEndpointBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>

  <serviceBehaviors>
    <behavior name="sb">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <!-- This will solve a bug that happens if too many items are sent at once from the gateway to the client -->
      <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
      <serviceThrottling
      maxConcurrentCalls="200"
      maxConcurrentSessions="200"
      maxConcurrentInstances="200" />
    </behavior>
  </serviceBehaviors>
</behaviors>

<services>
  <service name="ME.Streets.WebGateway.DuplexService.DuplexService"
     behaviorConfiguration="sb">
    <endpoint
       address="basic"
       binding="customBinding"
       bindingConfiguration="customDuplexBinding"
       contract="ME.Streets.WebGateway.DuplexService.Interface.IDuplexServiceContract">
    </endpoint>
    <endpoint
        address=""
        binding="webHttpBinding"
        behaviorConfiguration="webHttpEndpointBehavior"
        contract="ME.Streets.WebGateway.DuplexService.Interface.IPolicyRetriever"/>
    <endpoint
        address="mex"
        binding="mexHttpBinding"
        contract="IMetadataExchange"/>
  </service>
</services>

当前客户端配置:

private DuplexServiceContractClient CreateDuplexServiceClient(EndpointAddress endPoint)
    {
        PollingDuplexBindingElement pollingDuplexBindingElement = new PollingDuplexBindingElement();
        pollingDuplexBindingElement.DuplexMode = PollingDuplexMode.MultipleMessagesPerPoll;

        #if DEBUG
        pollingDuplexBindingElement.ClientPollTimeout = TimeSpan.FromMinutes(15);
        pollingDuplexBindingElement.InactivityTimeout = TimeSpan.FromMinutes(14);
        #else
        pollingDuplexBindingElement.ClientPollTimeout = TimeSpan.FromMinutes(60);
        pollingDuplexBindingElement.InactivityTimeout = TimeSpan.FromMinutes(60);
        #endif

        HttpsTransportBindingElement httpsTransportBindingElement = new HttpsTransportBindingElement();
        httpsTransportBindingElement.MaxBufferSize = int.MaxValue;
        httpsTransportBindingElement.MaxReceivedMessageSize = int.MaxValue;
        httpsTransportBindingElement.TransferMode = TransferMode.StreamedResponse;

        CustomBinding binding = new CustomBinding(
            pollingDuplexBindingElement,
            new BinaryMessageEncodingBindingElement(),
        httpsTransportBindingElement);

        var dscc = new DuplexServiceContractClient(binding, endPoint);

        dscc.InnerChannel.OperationTimeout = TimeSpan.FromMinutes(5);

#if DEBUG
        dscc.InnerChannel.OperationTimeout = TimeSpan.FromMinutes(15);
#endif
        return dscc;
    }

我已经将我的silverlight应用程序部署到IIS中并添加了HTTPS协议,以便我可以通过在Web地址前添加HTTPS来实现它.

当我登录https网站(https:// localhost / FleetNew)时问题仍然存在,我仍然收到“显示MIxed内容”的错误

当我在fidler中观看时,调用localhost:10201这是不安全的http调用.

我的netsh http show sslcert命令给我带来了这个:

IP:port                 : 0.0.0.0:10201
Certificate Hash        : 0fb891e03c857d1c50b63163e5a0b999ed757ea1
Application ID          : {3d5900ae-111a-45be-96b3-d9e4606ca793}
Certificate Store Name  : (null)
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

IP:port                 : 0.0.0.0:443
Certificate Hash        : 0fb891e03c857d1c50b63163e5a0b999ed757ea1
Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name  : MY
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

请帮我正确配置,以便对locahost:20102的调用将适用于ssl和HTTPS

我可以告诉您,缺少使用SSL托管WCF自托管服务所需的几个HTTPS元数据端点和行为配置.做你需要的主要步骤如下:

>创建自签名证书(用于测试目的),其中包含端点URL域名的匹配公用名值(最好使用您的计算机名称)
>使用netsh.exe使用指纹将端口与SSL证书绑定.
>配置WCF .config文件以获得所需的SSL设置.

这是一个相当漫长的过程,所以我没有尝试记录这里的每一步,而是有一篇博文,详细介绍了使用SSL获取WCF自托管服务所需的内容.这应该可以帮助您查看可以应用于项目的有效解决方案:

Applying and Using a SSL Certificate With A Self-Hosted WCF Service

相关文章
相关标签/搜索