通过SSL验证

问题描述：

您好自定义WCF客户端证书，通过SSL验证

我试图使用WCF做一些认证：

验证使用用户名/ Passoword
用户使用验证客户端客户证书
自定义接受哪个根证书

一些试验和错误后，我设法得到1分2 &工作，但我被困在3这是我的服务配置

<system.serviceModel> 
    <behaviors> 
     <endpointBehaviors /> 
     <serviceBehaviors> 
      <behavior name="MyBehavior"> 
       <serviceCredentials> 
        <userNameAuthentication userNamePasswordValidationMode="Custom" 
              customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1" /> 
       </serviceCredentials>      
       <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" /> 
       <serviceDebug includeExceptionDetailInFaults="true" /> 
      </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <bindings> 
     <customBinding> 
      <binding name="certificate"> 
       <security authenticationMode="UserNameOverTransport" /> 
       <textMessageEncoding messageVersion="Soap12WSAddressing10" /> 
       <httpsTransport requireClientCertificate="true" /> 
      </binding> 
     </customBinding> 
    </bindings> 
    <services> 
     <service behaviorConfiguration="MyBehavior" name="WcfService1.Service1"> 
      <endpoint address="" binding="customBinding" bindingConfiguration="certificate" 
         contract="WcfService1.IService1" /> 
     </service> 
    </services> 
</system.serviceModel>

，这是我的客户端配置

<client> 
     <endpoint name="service1" address="https://localhost:443/WcfService1/Service1.svc" binding="customBinding" 
        bindingConfiguration="certificate" behaviorConfiguration="certificate" contract="WcfService1.IService1" /> 
    </client> 
    <behaviors> 
     <endpointBehaviors> 
      <behavior name="certificate"> 
       <clientCredentials> 
        <clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" 
             findValue="SignedByCA" /> 
       </clientCredentials> 
      </behavior> 
     </endpointBehaviors> 
     <serviceBehaviors /> 
    </behaviors> 
    <bindings> 
     <customBinding> 
      <binding name="certificate"> 
       <security authenticationMode="UserNameOverTransport" /> 
       <textMessageEncoding messageVersion="Soap12WSAddressing10" /> 
       <httpsTransport requireClientCertificate="true" /> 
      </binding> 
     </customBinding> 
    </bindings>

使用客户端和附加用户名凭证很好地工作

var channelFactory = new ChannelFactory<IService1>("service1"); 
var user = channelFactory.Credentials.UserName; 
user.UserName = username; 
user.Password = password;

使用OperationContext.Current.ServiceSecurityContext.Aut horizationContext.ClaimSets使我可以访问证书的用户名和名称以及指纹。可悲的是，我无法找到证书的IssuerName。我还可以如何禁止没有由某个根证书颁发的证书的客户端？

任何提示点我到正确的方向或任何替代品大受欢迎;）

感谢

您可以检查是用来限制访问某些证书撤销 – Rajesh 2012-08-15 12:18:28

答

其实，这是很容易的，但黑客攻击。授权上下文中有一个身份列表。

OperationContext.Current.ServiceSecurityContext 
.AuthorizationContext.Properties["Identities"]

其中之一是X509Identity类型。那个是System.IdentityModel的内部，你不能直接获取它。

identity.GetType().Name == "X509Identity"

这其实并不重要，因为包含证书字段是私有的，反正:)

var field = identity.GetType().GetField(
    "certificate", 
    BindingFlags.GetField | BindingFlags.Instance | BindingFlags.NonPublic); 
var certificate = (X509Certificate2) field.GetValue(identity); 
string issuer = certificate.Issuer;

相关推荐