• WCF: certificate + SSL + custom user name/password


    1. Generate the certificate: makecert -sr localmachine -ss My -n CN=WCFServer -sky exchange -pe -r

    2. SSL certificate setup

      httpcfg: 1.httpcfg query ssl 

           2.httpcfg set ssl -i 0.0.0.0:port -h hash

      netsh:

           1. netsh http show sslcert

           2. netsh http add sslcert ipport=0.0.0.0:port certhash=hash appid={GUID}

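      hash: the certificate's thumbprint

      GUID: the GUID of the calling application

      httpcfg: XP/2003/Win8

      netsh: Vista/Win7/Win8

      Personally I think netsh is the better choice on Win8. Remember to run it with administrator privileges.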

    3. Server configuration

      1. Binding

        Set the binding's security mode to transport security

    <security mode="Transport">

        Set the client credential type to Basic

      <transport clientCredentialType="Basic"></transport>

      2. Base address

        The base address starts with https

    <add baseAddress = "https://127.0.0.1:3555/TractabilityWCFServiceLib/Service1/" />

      3. Endpoints

        Use a binding that supports https and reference the binding configuration

     <endpoint address ="" binding="wsHttpBinding" contract="TractabilityWCFInface.IService1" bindingConfiguration="wsHttps"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> 

      4. Service behavior

        Serve the metadata endpoint over https

    <serviceMetadata httpsGetEnabled="True"/>

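        Set the service credentials

        1. The service authenticates with a certificate (findValue must match the subject name of the certificate installed in the store)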

    <serviceCertificate x509FindType="FindBySubjectName" storeName="My" storeLocation="LocalMachine" findValue="WcfServerPK"/>

        2. Client certificate validation mode is None

    <clientCertificate>
           <authentication certificateValidationMode="None"/>
    </clientCertificate>

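        3. User name/password validation mode is Custom, with the validator class specified (the attribute value has the form Namespace.ClassName, Assembly)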

    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="命名空间.类名,程序集"/>

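      5. Custom user name/password validator class

        Inherit from  System.IdentityModel.Selectors.UserNamePasswordValidator

        Implement  Validate(string userName, string password)

            public override void Validate(string userName, string password)
            {
                // As written, every credential is accepted; throw an exception here to reject a login.
                Console.WriteLine("username=" + userName);// user name sent by the client
                Console.WriteLine("password=" + password);// password sent by the client
            }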
    

    4. Client configuration

      1. Trust the certificate

            ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidationCallback;
    
            // Accepts every server certificate, including the self-signed one from step 1.
            private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                return true;
            }

      2. Pass in the user name and password

            client.ClientCredentials.UserName.UserName = "admin";
            client.ClientCredentials.UserName.Password = "1231313"; 
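
A hardened counterpart to the validator in step 3 and the certificate callback in step 4, as an added example that is not code from the original post: the validator rejects bad credentials by throwing, and the client accepts the self-signed certificate only when its thumbprint matches a pinned value. The class names, the demo account, the salt and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Server: name this class in customUserNamePasswordValidatorType (hypothetical class name).
public class StoredHashValidator : UserNamePasswordValidator
{
    static readonly byte[] Salt = Encoding.ASCII.GetBytes("constructed-salt");
    // Constructed demo store (user -> PBKDF2 hash); a real service loads per-user salt and hash from its user database.
    static readonly Dictionary<string, byte[]> Users = new Dictionary<string, byte[]>
        { { "admin", Derive("constructed-demo-password") } };
    static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000))
            return kdf.GetBytes(32);
    }
    public override void Validate(string userName, string password)
    {
        byte[] expected;
        bool known = Users.TryGetValue(userName ?? "", out expected);
        // Always derive and compare, so an unknown user costs the same as a wrong password.
        bool match = FixedTimeEquals(Derive(password ?? ""), known ? expected : new byte[32]);
        if (!known || !match) // reject by throwing; never log the password itself
            throw new SecurityTokenException("Unknown user name or incorrect password");
    }
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Client: ServicePointManager.ServerCertificateValidationCallback = PinnedServerCert.Validate;
public static class PinnedServerCert
{
    // Placeholder: thumbprint of the server certificate (the "hash" bound in step 2).
    const string Thumbprint = "<WCFSERVER-CERT-THUMBPRINT>";
    public static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // chain and host name verified normally
        // Self-signed certificate: accept only the exact pinned one.
        return cert != null && string.Equals(cert.GetCertHashString(), Thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

The ServicePointManager callback is process-wide, so the pinned check applies to every HTTPS request the client process makes.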
  • Original article: https://www.cnblogs.com/qingducx/p/3965039.html