WCF X.509验证

1.证书的制作

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingClient -sky exchange -pe 

注意：证书制作完后还要对相应的证书读取权限作配置。

WCF取用X.509证书，服务端和客户端都要作相应的修改。

2.服务端的修改

behavior节点：

        <behavior name="CustomBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="None" />
            </clientCertificate>
            <serviceCertificate findValue="ParkingServer" storeLocation="LocalMachine"
              storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>

binding节点

      <wsHttpBinding>
        <binding name="CustomWsHttpBinding">
          <security mode="Message">
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>

service节点

    <service  name="WcfService1.Service1" behaviorConfiguration="CustomBehavior">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="CustomWsHttpBinding"
          contract="WcfService1.IService1">
          <identity>
            <dns value="ParkingServer" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>

3.客户端的修改

client-endpoint节点

      <endpoint address="http://localhost:60909/Service2.svc" binding="basicHttpBinding" behaviorConfiguration="CustomBehavior2"
        bindingConfiguration="BasicHttpBinding_IService2" contract="ServiceReference2.IService2"
        name="BasicHttpBinding_IService2">
        <identity>
          <dns value="ParkingServer" />
        </identity>
      </endpoint>

bindings节点

      <basicHttpBinding>
        <binding name="BasicHttpBinding_IService2">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </basicHttpBinding>

behavior节点

behavior节点，wsHttpBindings和basicHttpBindings的绑定内容有所不同。basicHttpBindings多一个defaultCertificate的配置

basicHttpBindings

        <behavior name="CustomBehavior2">
          <clientCredentials>
            <clientCertificate findValue="zoesoft"
                                x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine"
                                storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
              <defaultCertificate findValue="ParkingServer" storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>

wsHttpBindings

        <behavior name="CustomBehavior">
          <clientCredentials>
            <clientCertificate findValue="zoesoft"
                                x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine"
                                storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>

参考：

WCF开发框架形成之旅--如何实现X509证书加密

Invoke WCF service from Java Client with Authentication (X.509 Certificate) Java 客户端调用WCF服务 需要安全验证