【Question title】: WCF Service Accepts Any Old Certificate
【发布时间】:2012-09-24 06:38:05
【Question description】:

I am trying to set up this WCF service so that it only accepts requests when the client presents the "Test 01" certificate. The problem is that it seems to accept any certificate from the same authority, e.g. "Test 04".

How can I reject all requests that are not sent with the "Test 01" certificate?

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding
          name="TestSecureBinding"
          maxReceivedMessageSize="5242880">
          <security mode="Transport">
            <transport
              clientCredentialType="Certificate"></transport>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="TestCertificateBehavior">
          <serviceCredentials>
            <clientCertificate>
              <certificate
                storeLocation="LocalMachine"
                x509FindType="FindBySubjectName"
                findValue="Test 01"/>
              <authentication
                certificateValidationMode="PeerTrust"
                trustedStoreLocation="LocalMachine"
                revocationMode="NoCheck"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <services>
      <service
        name="IService"
        behaviorConfiguration="TestCertificateBehavior">
        <endpoint
          name="MyHttps"
          address="https://localhost:443"
          contract="IService"
          binding="basicHttpBinding"
          bindingConfiguration="TestSecureBinding">
        </endpoint>
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:443"/>
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>

【Question discussion】:

Tags: wcf wcf-security


【Solution 1】:

There is no way to do this in plain WCF configuration - you have to roll your own.

using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class CertificateValidator : X509CertificateValidator
{
    private string _expectedSubjectName;

    public CertificateValidator(string expectedSubjectName)
    {
        _expectedSubjectName = expectedSubjectName;
    }

    // WCF calls this for every client certificate once CertificateValidationMode is Custom.
    // Throwing rejects the request; returning normally accepts it.
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        // SubjectName.Name is the full distinguished name (e.g. "CN=Test 01"),
        // so expectedSubjectName must be supplied in that form, not just "Test 01".
        if (certificate.SubjectName.Name != _expectedSubjectName)
        {
            throw new SecurityTokenValidationException("Invalid certificate");
        }
    }
}

Then attach it to the service host:

// X509CertificateValidationMode lives in System.ServiceModel.Security.
serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.Custom;
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator =
                new CertificateValidator(expectedCertificateName);

Taken from: Creating a service that employs a custom certificate validator

【Discussion】:
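The following is an added example, not code from the question or the answer above. It builds on the custom-validator approach but pins the accepted client certificate(s) by SHA-1 thumbprint rather than by subject name, so that a second certificate from the same CA (the "Test 04" case) is rejected even if it carried the same subject, and it still runs chain and revocation checks on the pinned certificate, because Custom mode replaces ChainTrust/PeerTrust entirely. It targets .NET Framework 4.6 or later (System.ServiceModel and System.IdentityModel assemblies). The class names `PinnedClientCertificateValidator` and `ServiceHostSetup`, the appSettings key `AllowedClientThumbprints` and the placeholder thumbprint are assumptions of this example.

```csharp
// Added example (not from the question or the answer): pin client certificates by
// thumbprint and keep chain/revocation validation. .NET Framework 4.6+.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Text;

public sealed class PinnedClientCertificateValidator : X509CertificateValidator
{
    private readonly HashSet<string> _allowedThumbprints;
    private readonly X509RevocationMode _revocationMode;

    public PinnedClientCertificateValidator(IEnumerable<string> allowedThumbprints,
                                            X509RevocationMode revocationMode)
    {
        if (allowedThumbprints == null) throw new ArgumentNullException("allowedThumbprints");
        _allowedThumbprints = new HashSet<string>(StringComparer.Ordinal);
        foreach (string t in allowedThumbprints)
            _allowedThumbprints.Add(NormalizeThumbprint(t));
        if (_allowedThumbprints.Count == 0)
            throw new ArgumentException("At least one thumbprint is required", "allowedThumbprints");
        _revocationMode = revocationMode;
    }

    // Parameterless constructor so the same class can also be registered declaratively via
    // customCertificateValidatorType. The appSettings key name is an assumption of this example.
    public PinnedClientCertificateValidator()
        : this(SplitList(ConfigurationManager.AppSettings["AllowedClientThumbprints"]),
               X509RevocationMode.Online)
    {
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");

        // 1. Allow-list check: an unknown certificate is rejected no matter which CA issued it.
        if (!_allowedThumbprints.Contains(NormalizeThumbprint(certificate.Thumbprint)))
            throw new SecurityTokenValidationException("Client certificate is not on the allow-list");

        // 2. The pinned certificate must still be usable: trusted chain, validity period, revocation.
        //    Custom mode replaces ChainTrust/PeerTrust, so WCF no longer performs these checks for us.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = _revocationMode;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            if (!chain.Build(certificate))
            {
                // Log chain.ChainStatus server-side; do not echo the details back to the client.
                throw new SecurityTokenValidationException("Client certificate failed chain validation");
            }
        }
    }

    // Thumbprints copied from certmgr.msc often contain spaces or an invisible leading character;
    // keep only hex digits, upper-cased, so the set lookup is exact.
    private static string NormalizeThumbprint(string thumbprint)
    {
        var sb = new StringBuilder(40);
        foreach (char c in thumbprint ?? string.Empty)
            if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
        return sb.ToString();
    }

    private static IEnumerable<string> SplitList(string list)
    {
        return (list ?? string.Empty).Split(new[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries);
    }
}

public static class ServiceHostSetup
{
    // Wire the validator into a ServiceHost in code; the declarative alternative is described below.
    public static void RequireTest01(ServiceHost host)
    {
        X509ClientCertificateAuthentication auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedClientCertificateValidator(
            new[] { "0123456789ABCDEF0123456789ABCDEF01234567" }, // placeholder; use the real thumbprint of "Test 01"
            X509RevocationMode.Online);
    }
}
```

Because the class has a parameterless constructor, it can also be registered from config instead of code, by setting `certificateValidationMode="Custom"` and `customCertificateValidatorType="PinnedClientCertificateValidator, MyAssembly"` (assembly name assumed) on the `<authentication>` element of `<clientCertificate>`. Two caveats for the posted configuration: the `<certificate>` element under `<clientCertificate>` selects the client certificate the service itself uses in message-security scenarios, it does not restrict which client certificates are accepted; and `revocationMode="NoCheck"` means a revoked "Test 01" certificate would still be accepted, which is why the example performs its own revocation check.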
