Digital Certificates and Their Use in WCF
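I. Concepts
  1. Contents
    Issuer of the certificate
    Validity period of the certificate
    Certificate owner (Subject)
    Algorithm used for the signature
    Thumbprint and thumbprint algorithm
    Public key
    Private key
  2. Certificate stores
  3. Validity
II. Purpose
  1. Strengthen transport security and message integrity
    Prevents messages from being read or tampered with
  2. Guarantee non-repudiation of the sender
III. Creating, viewing, importing and exporting
  1. Run the command "makecert -r -pe -n "CN=MyServer" -ss My -sky exchange" to create and store the certificate (-r makes it self-signed, -pe marks the private key as exportable, -ss My places it in the Personal store).
  2. Run the "mmc" command to open the "Microsoft Management Console" window, where certificates can be viewed, imported and exported.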
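IV. Using X.509 certificates in WCF
WCF service
1. A digital certificate that includes a private key is required
  makecert -r -pe -n "CN=MyServer" -ss My -sky exchange
2. Set the binding's Security mode to "Certificate" (in the code below: message security with ClientCredentialType set to Certificate)
In code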
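    using System.Collections.Generic;
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Description;
    using System.ServiceModel.Security;

    // Custom validator for client certificates. The body is empty, so every
    // client certificate presented to the service is accepted without any check.
    public class CustomX509CertificateValidator : X509CertificateValidator
    {
        public override void Validate(X509Certificate2 certificate)
        {
        }
    }

    // `host` (the ServiceHost) and `contract` (the service contract Type)
    // come from the surrounding hosting code.
    var binding = new NetTcpBinding
    {
        Security =
        {
            Mode = SecurityMode.Message,
            Message = { ClientCredentialType = MessageCredentialType.Certificate },
        },
    };
    host.AddServiceEndpoint(contract, binding, contract.Name);

    var serviceBehaviors = new List<IServiceBehavior>();
    var serviceCredentials = new ServiceCredentials();
    // Set the service certificate
    serviceCredentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "MyServer");
    // Set the validation mode for client certificates
    serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
    serviceCredentials.ClientCertificate.Authentication.CustomCertificateValidator = new CustomX509CertificateValidator();
    serviceBehaviors.Add(serviceCredentials);
    foreach (var serviceBehavior in serviceBehaviors)
    {
        // Replace any behavior of the same type that the host already carries
        if (host.Description.Behaviors.Contains(serviceBehavior.GetType()))
            host.Description.Behaviors.Remove(serviceBehavior.GetType());
        host.Description.Behaviors.Add(serviceBehavior);
    }

WCF client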
1. A digital certificate that includes a private key is required
  makecert -r -pe -n "CN=MyClient" -ss My -sky exchange
2. Set the binding's Security mode to "Certificate"
In code
    // Requires: System, System.Security, System.Security.Cryptography.X509Certificates,
    // System.ServiceModel, System.ServiceModel.Description, System.ServiceModel.Security
    static ChannelFactory<T> GetFactory<T>(object callbackObject)
        where T : IServiceContract
    {
        // Get the client certificate
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var certs = store.Certificates.Find(X509FindType.FindBySubjectName, "MyClient", false);
        store.Close();
        if (certs.Count == 0)
            // Message: "No digital certificate is installed on the client"
            throw new SecurityException("客戶端未安裝數字證書");
        var cert = certs[0];

        var binding = new NetTcpBinding(Properties.Settings.Default.BindingConfigurationName);
        var address = new EndpointAddress(
            new Uri(string.Format("{0}/{1}", Properties.Settings.Default.EndpointAddress, typeof(T).Name))
            //, EndpointIdentity.CreateDnsIdentity("MyServer")
            );
        var factory = (callbackObject == null)
            ? new ChannelFactory<T>(binding, address)
            : new DuplexChannelFactory<T>(callbackObject, binding, address);
        var cc = factory.Endpoint.Behaviors.Find<ClientCredentials>();
        cc.ClientCertificate.Certificate = cert;
        // None: the client performs no validation of the service certificate
        cc.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        return factory;
    }

In configuration
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding">
          <security mode="Message">
            <message clientCredentialType="Certificate" algorithmSuite="Default" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
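
Added example, not part of the original post: the service code above installs a validator with an empty Validate method and the client sets X509CertificateValidationMode.None, so neither side actually checks the other's certificate. One way to tighten both while still using self-signed makecert certificates is to pin thumbprints. The names PinnedCertificateValidator and PinnedCertificateSetup are hypothetical, and the thumbprints are assumed to be exchanged out of band and passed in by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Added example (hypothetical class names). Accepts only certificates whose
// thumbprint is on an explicit allowlist and that are currently within validity.
public sealed class PinnedCertificateValidator : X509CertificateValidator
{
    private readonly HashSet<string> _allowed;

    public PinnedCertificateValidator(IEnumerable<string> thumbprints)
    {
        // MMC displays thumbprints with spaces; X509Certificate2.Thumbprint has none.
        _allowed = new HashSet<string>(thumbprints.Select(t => t.Replace(" ", "")), StringComparer.OrdinalIgnoreCase);
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        var now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Certificate is outside its validity period.");
        if (!_allowed.Contains(certificate.Thumbprint))
            throw new SecurityTokenValidationException("Certificate thumbprint is not on the allowlist.");
    }
}

public static class PinnedCertificateSetup
{
    // Service side: use in place of the empty CustomX509CertificateValidator.
    public static void Apply(ServiceCredentials sc, params string[] clientThumbprints)
    {
        sc.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
        sc.ClientCertificate.Authentication.CustomCertificateValidator = new PinnedCertificateValidator(clientThumbprints);
    }

    // Client side: use in place of X509CertificateValidationMode.None.
    public static void Apply(ClientCredentials cc, params string[] serviceThumbprints)
    {
        cc.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
        cc.ServiceCertificate.Authentication.CustomCertificateValidator = new PinnedCertificateValidator(serviceThumbprints);
    }
}
```

A rejected certificate surfaces as a failed security negotiation on the calling side, so the validator's exception message is the place to look in the service trace when a legitimate client is refused.
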
Reposted from: https://www.cnblogs.com/beta2013/archive/2012/05/07/3377308.html