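I am using a Windows Azure web role to host a WCF service. Certificate authentication is enabled for this WCF service. The root certificate and the server certificate are uploaded in the hosted service's Certificates section. During deployment, these certificates are automatically installed in the Azure role's CurrentUser, My store.
Everything works fine. The problem occurs when I upgrade the service. After the upgrade, I occasionally get the multiple X.509 certificates error. I am finding the certificate by thumbprint, so there is no possibility of finding multiple certificates with that thumbprint.
Someone else has faced a similar problem, but no solution was posted there. See http://social.msdn.microsoft.com/forums/en-US/wcf/thread/aa2ce0e3-4ee7-4d6e-8ea8-0ac1f75e912b/.
My Web.config file looks like the following. I have removed the actual thumbprint value.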
<behaviors>
  <serviceBehaviors>
    <behavior name="customBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="Custom"
                          customCertificateValidatorType="CCP.Hosting.Provisioning.WebRole.Authentication.Implementation.X509CertificateValidator,CCP.Hosting.Provisioning.WebRole"
                          revocationMode="NoCheck"/>
        </clientCertificate>
        <serviceCertificate
            findValue="{ThumbPrint}"
            x509FindType="FindByThumbprint"
            storeLocation="CurrentUser"
            storeName="My"/>
      </serviceCredentials>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
  <wsHttpBinding>
    <binding name="customWsHttpBinding" receiveTimeout="00:15:00" sendTimeout="00:05:00" maxReceivedMessageSize="400000000">
      <readerQuotas maxDepth="5000000" maxStringContentLength="50000000"
                    maxArrayLength="50000000" maxBytesPerRead="50000000" />
      <security mode="Message">
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service name="CCP.Hosting.Provisioning.WebRole.ProvisioningService" behaviorConfiguration="customBehavior" >
    <endpoint binding="wsHttpBinding" bindingConfiguration="customWsHttpBinding"
              address="" contract="CCP.Provisioning.Web.Interfaces.IProvisioningService" />
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>
Occasionally I get the error below. I have removed the thumbprint from the error.
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 7/11/2012 11:51:16 AM
Event time (UTC): 7/11/2012 11:51:16 AM
Event ID: 841596aaed284171896138a00b734fe3
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1273337584/ROOT-1-129864806465987458
Trust level: Full
Application Virtual Path: /
Application Path: E:\sitesroot\0\
Machine name: RD00155D3AAD31
Process information:
Process ID: 3432
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: InvalidOperationException
Exception message: Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindByThumbprint', FindValue '{Thumbprint}'. Provide a more specific find value.
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[T](ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at Unity.Wcf.UnityServiceHost..ctor(IUnityContainer container, Type serviceType, Uri[] baseAddresses)
at Unity.Wcf.UnityServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
Request information:
Request URL: http://abcd.cloudapp.net/blahblah.svc
Request path: /ProvisioningService.svc
User host address: 210.18.83.151
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
Thread ID: 8
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(X509CertificateRecipientServiceCredential cert)
at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(ServiceCredentials behavior)
at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[T](ServiceModelExtensionCollectionElement`1 behaviorElement, KeyedByTypeCollection`1 behaviors, Boolean commonBehaviors)
at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at Unity.Wcf.UnityServiceHost..ctor(IUnityContainer container, Type serviceType, Uri[] baseAddresses)
at Unity.Wcf.UnityServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
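A diagnostic for the error above, as an added example that is not part of the original post: it repeats the lookup the `serviceCertificate` element performs (store `My`, location `CurrentUser`, `FindByThumbprint`) and describes every match, so duplicate entries in the store can be confirmed after an upgrade. The class and method names are hypothetical and the thumbprint is a placeholder. Because `CurrentUser` is a per-account store, the code has to run under the same identity as the service (`NT AUTHORITY\NETWORK SERVICE` in the event log above).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the original post. Names are hypothetical.
public static class CertStoreDiagnostics
{
    // Runs the same store query as <serviceCertificate> and returns one
    // descriptive line per certificate that matches the thumbprint.
    public static IList<string> DescribeMatches(
        string thumbprint, StoreName storeName, StoreLocation storeLocation)
    {
        var results = new List<string>();
        var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false, so expired or untrusted copies are listed too.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);

            foreach (X509Certificate2 cert in matches)
            {
                results.Add(string.Format(
                    "Subject={0}; Serial={1}; NotAfter={2:u}; HasPrivateKey={3}",
                    cert.Subject, cert.SerialNumber,
                    cert.NotAfter, cert.HasPrivateKey));
            }
        }
        finally
        {
            store.Close();
        }
        return results;
    }

    public static void Main()
    {
        // Placeholder: substitute the findValue used in Web.config.
        const string thumbprint = "PLACEHOLDER_THUMBPRINT";

        IList<string> matches = DescribeMatches(
            thumbprint, StoreName.My, StoreLocation.CurrentUser);

        // WCF throws InvalidOperationException when this count is not exactly 1.
        Console.WriteLine("Matches in CurrentUser\\My: {0}", matches.Count);
        foreach (string line in matches)
            Console.WriteLine(line);
    }
}
```

Inside the web role, `DescribeMatches` can be called from application start-up and its output written to the trace log, so the count is recorded before the `ServiceHost` is constructed.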