1

WCF サービス メッセージ資格情報セキュリティの設定で興味深い問題が発生しています。クライアント側で次の例外が発生します。

An unhandled exception of type 'System.InvalidOperationException' occurred in mscorlib.dll

Additional information: The service certificate is not provided for target 'http://myMachine/SPTestService/Service1.svc'. Specify a service certificate in ClientCredentials.

これにより、クライアント構成でサーバー証明書を指定する必要があると思われますが、その理由はわかりません。これは ChainTrust を使用する必要があります。興味深いことに、TransportWithMessageCredential に切り替えると (SSL 経由で動作するようになります)、動作し、メッセージ資格情報も正しく検証されます。これは WCF のバグですか? 幸いなことに、TransportWithMessageCredential は私が向かっていた場所だったので、そのプロセスを加速させます。

メッセージ資格情報のみを使用すると、構成は次のようになります。

クライアント:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="serviceBehavior">
                    <clientCredentials>
                        <clientCertificate storeName="My" storeLocation="LocalMachine"
                                           findValue="CN=myCert" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <bindings>
            <basicHttpBinding>
                <binding name="serviceEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="Message">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Certificate" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://myMachine/SPTestService/Service1.svc"
                behaviorConfiguration="serviceBehavior"      
                binding="basicHttpBinding" bindingConfiguration="serviceEndpoint"
                contract="ServiceReference2.IService1" name="serviceEndpoint" />
        </client>
    </system.serviceModel>
</configuration>

サービス:

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>  
  <system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="serverBinding" messageEncoding="Mtom">
                <security mode="Message">
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="serviceBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <dataContractSerializer maxItemsInObjectGraph="2147483646" />
          <serviceCredentials>
            <serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="CN=myCert"  />
            <clientCertificate>
                <authentication revocationMode="NoCheck"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
      <services>
          <service behaviorConfiguration="serviceBehavior" name="SPTestService.Service1">
              <endpoint address="" binding="basicHttpBinding" bindingConfiguration="serverBinding" name="serviceEndpoint" contract="SPTestService.IService1" />
          </service>
      </services>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

TransportWithMessage を使用すると、構成は次のようになります。

クライアント:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="serviceBehavior">
                    <clientCredentials>
                        <clientCertificate storeName="My" storeLocation="LocalMachine"
                                           findValue="CN=myCert" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <bindings>
            <basicHttpBinding>
                <binding name="serviceEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Certificate" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://myMachine/SPTestService/Service1.svc"
                behaviorConfiguration="serviceBehavior"      
                binding="basicHttpBinding" bindingConfiguration="serviceEndpoint"
                contract="ServiceReference2.IService1" name="serviceEndpoint" />
        </client>
    </system.serviceModel>
</configuration>

サービス:

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>  
  <system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="serverBinding" messageEncoding="Mtom">
                <security mode="TransportWithMessageCredential">
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="serviceBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <dataContractSerializer maxItemsInObjectGraph="2147483646" />
          <serviceCredentials>
            <serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="CN=myCert"  />
            <clientCertificate>
                <authentication revocationMode="NoCheck"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
      <services>
          <service behaviorConfiguration="serviceBehavior" name="SPTestService.Service1">
              <endpoint address="" binding="basicHttpBinding" bindingConfiguration="serverBinding" name="serviceEndpoint" contract="SPTestService.IService1" />
          </service>
      </services>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>
4

0 に答える 0