
WCF: certificate + SSL + custom user name/password

1. Generate the certificate: makecert -sr localmachine -ss My -n CN=WCFServer -sky exchange -pe -r

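2. SSL certificate binding

  httpcfg:

       1. httpcfg query ssl

       2. httpcfg set ssl -i 0.0.0.0:port -h hash

  netsh:

       1. netsh http show sslcert

       2. netsh http add sslcert ipport=0.0.0.0:port certhash=hash appid={GUID}

  hash: the certificate's thumbprint

  GUID: the GUID of the calling application

  httpcfg: XP/2003/Win8

  netsh: Vista/Win7/Win8

  Personally I find netsh the better choice on Win8. Remember to run it with administrator privileges.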

3. Server configuration

  1. Binding

    Set the binding's security mode to transport security:

<security mode="Transport">

    Set the client credential type to Basic:

  <transport clientCredentialType="Basic"></transport>

  2. Base address

    The base address must start with https:

<add baseAddress="https://127.0.0.1:3555/TractabilityWCFServiceLib/Service1/" />

  3. Endpoints

    Use a binding that supports HTTPS and reference the binding configuration:

<endpoint address="" binding="wsHttpBinding" contract="TractabilityWCFInface.IService1" bindingConfiguration="wsHttps"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>

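  4. Service behavior

    Expose the metadata endpoint over HTTPS:

<serviceMetadata httpsGetEnabled="True"/>

    Configure the service credentials:

    1. The server authenticates itself with a certificate (findValue must match the subject name of the certificate installed in the store):

<serviceCertificate x509FindType="FindBySubjectName" storeName="My" storeLocation="LocalMachine" findValue="WcfServerPK"/>

    2. Client certificate validation mode is None:

<clientCertificate>
  <authentication certificateValidationMode="None"/>
</clientCertificate>

    3. User name/password validation mode is Custom, with the validator class specified:

<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Namespace.ClassName, AssemblyName"/>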

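  5. Custom user name/password validator class

    Inherit from System.IdentityModel.Selectors.UserNamePasswordValidator

    Implement Validate(string userName, string password)

        public override void Validate(string userName, string password)
        {
            // Returning normally accepts the caller; throw an exception here to reject the credentials.
            Console.WriteLine("username=" + userName); // user name sent by the client
            Console.WriteLine("password=" + password); // password sent by the client (printed for demonstration only)
        }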
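
An added example (not code from the original page): a validator for the userNameAuthentication setting above that rejects bad credentials, since WCF treats the caller as authenticated unless Validate throws. The namespace WcfAuthExample, the class name StoredHashValidator, the salt and the single in-memory account are assumptions for illustration; the account reuses the sample credentials this page passes from the client.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Text;

namespace WcfAuthExample // hypothetical namespace
{
    public class StoredHashValidator : UserNamePasswordValidator
    {
        private const int Iterations = 100000;

        // Constructed demo account matching the page's sample client credentials.
        // A real service loads the salt and hash from its user store and never
        // keeps the plaintext password in code or configuration.
        private const string DemoUser = "admin";
        private static readonly byte[] DemoSalt = Encoding.ASCII.GetBytes("constructed-demo-salt");
        private static readonly byte[] DemoHash = Derive("1231313", DemoSalt);

        public override void Validate(string userName, string password)
        {
            // Always run the key derivation, even for an unknown user, so that
            // response time does not reveal which user names exist.
            byte[] candidate = Derive(password ?? string.Empty, DemoSalt);
            bool userOk = string.Equals(userName, DemoUser, StringComparison.Ordinal);
            bool hashOk = FixedTimeEquals(candidate, DemoHash);

            // Same message for both failure cases; the password is never logged.
            if (!(userOk & hashOk))
                throw new SecurityTokenException("Unknown user name or incorrect password.");
        }

        // PBKDF2 (HMAC-SHA1 with this constructor overload), 32-byte output.
        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
                return kdf.GetBytes(32);
        }

        // Compares all bytes without exiting early on the first difference.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

With these assumed names, the config attribute would read customUserNamePasswordValidatorType="WcfAuthExample.StoredHashValidator, AssemblyName", and the project needs a reference to System.IdentityModel.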

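4. Client configuration

  1. Trust the certificate

        // Accepts any server certificate for every HTTPS connection in this process, so the
        // self-signed certificate passes; it also removes protection against an impostor server.
        ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidationCallback;

        private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }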

  2. Pass in the user name and password

        client.ClientCredentials.UserName.UserName = "admin";
        client.ClientCredentials.UserName.Password = "1231313";

 
