zoukankan      html  css  js  c++  java
  • WCF 定制自己的签名验证逻辑

    关键点:

    1. 保证在客户端设置签名。

    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, certName);

    2. 编写自己的validator,继承 X509CertificateValidator

    public class MyX509CertificateValidator : X509CertificateValidator
    {
        string allowedIssuerName;
    
        public MyX509CertificateValidator(string allowedIssuerName)
        {
            if (allowedIssuerName == null)
            {
                throw new ArgumentNullException("allowedIssuerName");
            }
    
            this.allowedIssuerName = allowedIssuerName;
        }
    
        public override void Validate(X509Certificate2 certificate)
        {
            // Check that there is a certificate.
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }
    
            // Check that the certificate issuer matches the configured issuer.
            if (allowedIssuerName != certificate.IssuerName.Name)
            {
                throw new SecurityTokenValidationException
                  ("Certificate was not issued by a trusted issuer");
            }
        }
    }
    

     3. 在server端,将自己编写的validator嵌入servicehost之中

               using (ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))
                {
                    serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = 
                        X509CertificateValidationMode.Custom;
                    serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = 
                        new MyX509CertificateValidator("CN=Contoso.com");
    
                    serviceHost.Open();
                    Console.WriteLine("Service started, press ENTER to stop ...");
                    Console.ReadLine();
    
                    serviceHost.Close();
                }

    最后附上MSDN的官方说明(原文出处)
    https://msdn.microsoft.com/en-us/library/ms733806(v=vs.110).aspx
  • 相关阅读:
    ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题
    Linux学习安装
    linux中的虚拟环境工具
    linux 文件目录权限
    PHP利用百度ai实现文本和图片审核
    Laravel + Swoole 打造IM简易聊天室
    Mysql索引降维 优化查询 提高效率
    Nginx支持比Apache高并发的原因
    网站高并发解决方案(理论知识)
    mysql大量数据分页查询优化-延迟关联
  • 原文地址:https://www.cnblogs.com/atuotuo/p/4347736.html
Copyright © 2011-2022 走看看