1、 打开 VS2010 Prompt  工具,创建证书。

输入以下命令:

makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=localhost -sky exchange -pecertmgr.exe -add -r LocalMachine -s My -c -n localhost -r CurrentUser -s TrustedPeople

2、设置证书访问权限

按照下面的步骤可解决 IIS7 Keyset does not exist 的问题, 根源为权限问题

1:运行 输入 mmc
2:Console -> file->add/remove snap/in
3:弹出的界面左边第三项:certificates-> add
3:弹出的界面选择computer Account 下一步第一个项 ok。
4:certificates下面找到 Personal certificates 右边 可以找到你创建的证书
5:最关键的一步:右击证书->All tasks-> manager private keys->在谈出的security中加入 everyone  full control

3、创建项目

3.1 项目结构

3.2  服务端代码(service.cs)

View Code

//  Copyright (c) Microsoft Corporation.  All Rights Reserved.using System;
using System.ServiceModel;namespace Microsoft.ServiceModel.Samples
{// Define a service contract.[ServiceContract(Namespace="http://Microsoft.ServiceModel.Samples")]public interface ICalculator{[OperationContract]bool IsCallerAnonymous();[OperationContract]double Add(double n1, double n2);[OperationContract]double Subtract(double n1, double n2);[OperationContract]double Multiply(double n1, double n2);[OperationContract]double Divide(double n1, double n2);}// Service class which implements the service contract.// Added code to return whether the caller is anonymouspublic class CalculatorService : ICalculator{public bool IsCallerAnonymous(){// ServiceSecurityContext.IsAnonymous returns true if the caller is not authenticatedreturn ServiceSecurityContext.Current.IsAnonymous;}public double Add(double n1, double n2){double result = n1 + n2;return result;}public double Subtract(double n1, double n2){double result = n1 - n2;return result;}public double Multiply(double n1, double n2){double result = n1 * n2;return result;}public double Divide(double n1, double n2){double result = n1 / n2;return result;}}}

3.3 服务端(service.svc)

<%@ServiceHost language=c# Debug="true" Service="Microsoft.ServiceModel.Samples.CalculatorService" %>

3.4 客户端代码(client.cs)

View Code

//  Copyright (c) Microsoft Corporation.  All Rights Reserved.using System;
using System.ServiceModel;namespace Microsoft.ServiceModel.Samples
{//The service contract is defined in generatedClient.cs, generated from the service by the svcutil tool.//Client implementation code.class Client{static void Main(){// Create a client with given client endpoint configurationCalculatorClient client = new CalculatorClient();// Call the GetCallerIdentity operationConsole.WriteLine("IsCallerAnonymous returned: {0}", client.IsCallerAnonymous());// Call the Add service operation.double value1 = 100.00D;double value2 = 15.99D;double result = client.Add(value1, value2);Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);// Call the Subtract service operation.value1 = 145.00D;value2 = 76.54D;result = client.Subtract(value1, value2);Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);// Call the Multiply service operation.value1 = 9.00D;value2 = 81.25D;result = client.Multiply(value1, value2);Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);// Call the Divide service operation.value1 = 22.00D;value2 = 7.00D;result = client.Divide(value1, value2);Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);//Closing the client gracefully closes the connection and cleans up resources
            client.Close();Console.WriteLine();Console.WriteLine("Press <ENTER> to terminate client.");Console.ReadLine();}}
}

3.5、 设置WCF 项目中的(服务端)配置文件

            <?xml version="1.0" encoding="utf-8" ?><configuration><system.serviceModel><services><service name="Microsoft.ServiceModel.Samples.CalculatorService"behaviorConfiguration="CalculatorServiceBehavior"><!-- this endpoint is exposed at the base address provided by host: http://localhost/servicemodelsamples/service.svc  --><endpoint address=""binding="wsHttpBinding"bindingConfiguration="Binding1" contract="Microsoft.ServiceModel.Samples.ICalculator" /><!-- the mex endpoint is exposed at http://localhost/servicemodelsamples/service.svc/mex --><endpoint address="mex"binding="mexHttpBinding"contract="IMetadataExchange" /></service></services><bindings><wsHttpBinding><!-- This configuration defines the security mode as Message and the clientCredentialType as None.This mode provides server authentication only using the service certificate.--><binding name="Binding1"><security mode = "Message"><message clientCredentialType="None"/></security></binding></wsHttpBinding></bindings><!--For debugging purposes set the includeExceptionDetailInFaults attribute to true--><behaviors><serviceBehaviors><behavior name="CalculatorServiceBehavior"><!-- The serviceCredentials behavior allows one to define a service certificate.A service certificate is used by a client to authenticate the service and provide message protection.This configuration references the "localhost" certificate installed during the setup instructions.--><serviceCredentials><serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /></serviceCredentials><serviceMetadata httpGetEnabled="True"/><serviceDebug includeExceptionDetailInFaults="False" /></behavior></serviceBehaviors></behaviors></system.serviceModel></configuration>

3.6、设置客户端(App.Config)

<?xml version="1.0" encoding="utf-8" ?>
<configuration><system.serviceModel><client><endpoint name=""address="http://localhost/TestService/service.svc" binding="wsHttpBinding" behaviorConfiguration="ClientCredentialsBehavior"bindingConfiguration="Binding1" contract="Microsoft.ServiceModel.Samples.ICalculator" /></client><bindings><wsHttpBinding><!-- This configuration defines the security mode as Message and the clientCredentialType as None.--><binding name="Binding1"><security mode = "Message"><message clientCredentialType="None"/></security></binding></wsHttpBinding></bindings><behaviors><endpointBehaviors><behavior name="ClientCredentialsBehavior"><clientCredentials><serviceCertificate><!-- Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate is in the user's Trusted People store, then it will be trusted without performing avalidation of the certificate's issuer chain. This setting is used here for convenience so that the sample can be run without having to have certificates issued by a certificate authority (CA).This setting is less secure than the default, ChainTrust. The security implications of this setting should be carefully considered before using PeerOrChainTrust in production code. --><authentication certificateValidationMode="PeerOrChainTrust" /></serviceCertificate></clientCredentials></behavior></endpointBehaviors></behaviors></system.serviceModel>
</configuration>

本示例提供代码下载

转载于:https://www.cnblogs.com/tianjinquan/archive/2012/08/18/2645019.html

WCF 使用证书认证 方法相关推荐

  1. 基于QWebView开发的浏览器通过需要证书认证网站的方法

    本文由Markdown语法编辑器编辑完成. 1. 前言 现有一款基于QT开发的网络浏览器.已经可以访问一般的网站,如百度,新浪网站等等.但是,当基于该浏览器访问一些内部网站,如需要证书认证的医院HIS ...

  2. 通过双向证书认证使用 gSOAP 访问 web services

    概述 本文通过一系列的实验步骤描述,向您展示如何使用 gSOAP 编写的客户端,通过双向证书认证,访问由 tomcat7 和 Axis2 搭建的 web 服务.全文循序渐进,分为几个阶段逐步展开,每个 ...

  3. php curl 不验证ssl,PHP Curl https跳过ssl证书认证报错记录及解决

    PHP Curl https跳过ssl证书认证报错记录及解决 function get($url = '', $cookie = '') { $ch = curl_init(); curl_setop ...

  4. java实现https免证书认证

    java实现https免证书认证 解决方法: 1.下载两个包,httpclient-4.2.jar和httpcore-4.2.jar,复制以下代码就可使用. 2.调用类代码: String httpO ...

  5. 【安全牛学习笔记】思路、身份认证方法、密码破解方法、字典

    思路 目标系统实施了强安全措施 - 安装了所有补丁 - 无任何已知漏洞 - 无应用层漏洞 - ***面最小化 社会工程学 获取目标系统用户身份 - 非授权用户不守信,认证用户可以访问守信资源 - 已有 ...

  6. Zimbra高级应用之-双向证书认证(一)

    使用zimbra作为企业邮件服务器的公司,可能会遇到这样一种情况:使用用户名+密码的传统认证方法,经常会发现有人恶意登录用户邮箱,采取暴力 破解,不断尝试登录密码.同时,简单密码组合很轻易被破解.从而 ...

  7. 【Docker】Registry搭建私有仓库、证书认证、用户登录认证

    一.Docker Registry工作原理 02_Docker Registry角色 Docker Registry有三个角色,分别是index.registry和registry client. i ...

  8. 理解GBASE LDAP认证方法

    在绑定到 LDAP 服务器时,可以用以下方法来认证客户端:简单认证(Simple Authentication) 和 基 于 证 书 的 客 户 端 认 证 (Certificate-based cl ...

  9. 百度地图--证书认证问题

    百度地图在局域网内使用HTTPS协议证书认证失败解决方法 问题原因 根据甲方客户要求,需要将项目之前的HTTP协议改为安全的HTTPS协议,且将之前应用的离线百度地图,改为在线百度地图. HTTPS证 ...

最新文章

  1. 面试再被问到 ConcurrentHashMap,把这篇文章甩给他!
  2. 阻碍GIS产业发展的三大问题
  3. Android http Request / Response ContentType
  4. springboot2 虚拟路径设置_转载—springboot配置虚拟路径以外部访问
  5. Java集合(八) 迭代器Iterator、泛型、Map映射
  6. python kivy ios_Kivy跨平台技术开发iOS
  7. uva计算机水平,UVA 12096 集合栈计算机
  8. ES6--Decorator修饰器
  9. 车牌检测和识别(转)
  10. 一些iptables的具体应用
  11. gentoo AR9285 BCM57780 安装驱动
  12. TCP 和 UDP 有什么区别?
  13. 程序人生:我是一只小小鸟
  14. C#基础 连接数据库
  15. 【《Real-Time Rendering 3rd》 提炼总结】(五) 第六章 · 纹理贴图及相关技术 The Texturing
  16. 同济大学Python程序设计基础 实验七:文件
  17. 关于springboot 的默认数据源
  18. 外行朋友值得一读的5本经典数学书
  19. echarts饼状图中间显示数值加上名字
  20. matplotlib绘制两个图形及网格、透明度、图例、颜色等

热门文章

  1. Cluster模式潜在问题及解决方案、Web服务综合解决方案
  2. 使用mac m1跑fortran代码hello world
  3. 舰娘 服务器 维护时间,《舰娘Collection》停止运营公告
  4. linux内核通用提权漏洞expliot 脏牛Dirty COW
  5. 9.为包含指针的关联容器指定比较类型
  6. 文件的文本打开方式和二进制打开方式的区别
  7. android动态32位so,Android:动态库(.so)调试技巧
  8. 让C++对象只能分配到堆/栈和静态区上并判断分配位置
  9. [BUUCTF-pwn]——pwnable_echo2
  10. 网站 admin.php,caozha-admin(PHP网站后台管理框架)v1.7.1官方安装版