使用WCF服务在.NET中禁用X.509证书验证

时间:2014-05-06 05:54:28

标签: c# vb.net wcf

我正在尝试在WCF服务中设置邮件安全性,并在此过程中禁用X.509证书验证。我想仅使用用户名和密码验证客户端,而根本不验证服务器。至少现在。

参考第一个答案:

How do I tell WCF to skip verification of the certificate?

如何在客户端上以编程方式实现以下目标?

<behavior name="DisableServiceCertificateValidation">
    <clientCredentials>
        <serviceCertificate>
            <authentication certificateValidationMode="Custom"
            customCertificateValidatorType="MyCertificateValidator, Client"
            revocationMode="NoCheck" />
         </serviceCertificate>
    </clientCredentials>
</behavior>

我有这个:

With myServiceClient.ClientCredentials
    .UserName.UserName = "username"
    .UserName.Password = "password"
    .ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom
    .ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck
End With

我无法解决如何设置&#34; customCertificateValidatorType&#34;以及如何将其连接到MyCertificateValidator类。

这是否绕过了客户端证书,服务器证书或两者的要求?

这是我的服务器web.config文件。 

<?xml version="1.0"?>
<configuration>

  <system.web>
    <customErrors mode="Off"/>
    <trust level="Full"/>
    <compilation debug="true"/>
  </system.web>

  <system.serviceModel>

     <services>

      <service name="HelloWorldService.HelloWorldService" behaviorConfiguration="BehaviourMessageSecurity">

        <endpoint address ="" binding="wsHttpBinding" contract="HelloWorld.IHelloWorldService" bindingConfiguration="BindingMessageSecurity"/>

        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>

        <host>
          <baseAddresses>
            <add baseAddress="http://www.example.com/HelloWorldService.svc"/>
          </baseAddresses>
        </host>

      </service>

    </services>

    <behaviors>

      <serviceBehaviors>

        <behavior name="BehaviourMessageSecurity">
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
             customUserNamePasswordValidatorType="HelloWorldService.ServiceAuthenticator, HelloWorldService" />
            <serviceCertificate findValue="localhost" x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine" storeName="My" />
          </serviceCredentials>
        </behavior>

       </serviceBehaviors>

    </behaviors>

    <bindings>
      <wsHttpBinding>

        <binding name="BindingMessageSecurity">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>

      </wsHttpBinding>
    </bindings>

  </system.serviceModel>

  <system.webServer>
    <directoryBrowse enabled="true"/>
  </system.webServer>

</configuration>

1 个答案:

答案 0 :(得分:0)

Czustom意味着您编写自己的验证方法。如果您根本不想检查证书,请使用无:

.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None
相关问题
最新问题