如何使用C#中的客户端证书调用Web服务?
问题描述:
我已经从我的客户端安装了一个证书到我的PC上,这是访问他们的Web服务所需要的。但是当我试图从我的C#windows服务访问Web服务时,我无法从代码中找到证书。 这里是我的代码:如何使用C#中的客户端证书调用Web服务?
private X509Certificate findCertificate()
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
string certThumbprint = string.Empty;
X509Certificate cert = new X509Certificate();
for (int i = 0; i < store.Certificates.Count; i++)
{
certThumbprint = store.Certificates[i].Thumbprint.ToString().ToUpper();
if (certThumbprint == "176455DB76886FF2BA3C122F8B36322F647CB2FD")//when debugging then debugger is not coming into this line even if it finds the thumbprint
{
cert = store.Certificates[i];
}
}
return cert;
}
而且,我试图做同样的App.config中但我打的错误为:
invalid hexadecimal string format. inner exception null
这里是我的App.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="PrivatmoneyPortBinding" >
<security defaultAlgorithmSuite="Basic128" authenticationMode="MutualCertificate"
requireDerivedKeys="false" includeTimestamp="true" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="00:05:00"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
</security>
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Default" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="true"
useDefaultWebProxy="true" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://pmtest.xxxx.xx:xxxx/xxxxx/xxxxx?wsdl" behaviorConfiguration="NewClientEPBehavior"
binding="customBinding" bindingConfiguration="PrivatmoneyPortBinding"
contract="PrivatMoney.PrivatmoneyPort" name="PrivatmoneyPort">
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="NewClientEPBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" />
</serviceCertificate>
<clientCertificate storeLocation="CurrentUser" storeName="Root" findValue="176455DB76886FF2BA3C122F8B36322F647CB2FD" x509FindType="FindByThumbprint" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
答
我不知道你是如何得到指纹的。就我而言,我从证书详细信息中选择了它(来自mmc的GUI)。问题是我选择了更多。 在开始时有一些不可见的字符,当它粘贴到配置时不会显示。
选择除第一个字符以外的指纹并将其复制到剪贴板。将第一个字符输入到配置中,并从剪贴板粘贴其余的字符。
感谢您的回答。我试过了你的建议,但仍然有同样的错误。你能否建议为什么它会抛出这个错误?或者其他任何方式来检查证书的存在? – user7336033
删除包含引号**的指纹**并手动输入。如果您收到此消息“无效的十六进制字符串格式”,则必须有一些无效的字符。 – pepo
它的工作谢谢你。但是现在遇到了不同的错误:私钥在x 509证书中不存在 – user7336033