SSL/TLS is applied to WCF without Svc files

In many projects, we may need to use SSL/TLS (SSL Security Socket Layer Secure Socket/TSL Transfer Layer Security Transport Layer Security) to authenticate the client and the server, the Session Key generated after successful authentication between the client and the server is used to encrypt the data to ensure the confidentiality of the message.

Apply SSL/TLS, and naturally think of certificates .. Net platform, you can use makeCert to create a test certificate. For more information about how to use makeCert, see MSDN.

Content of this section:

1. Certificate Creation

2. server configuration without Svc files

3. Client call

1. Certificate Creation

The Command Used in this example to create a certificate is as follows:

makecert -r -pe -n "CN= Tyb1222 " -b 01/01/2000 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1   -ss my -sr localMachine -sky exchange -sp   "Microsoft RSA SChannel Cryptographic Provider" -sy 12

Note that the red part of the preceding command indicates the certificate topic.

-Ss my indicates that the certificate is stored in a personal region.

-Sr localMachine: stored on a local computer

This information will be used in later configuration. For more information, see the description in MSDN.

View certificates

 

2. server configuration without Svc files

<? Xml version = "1.0" encoding = "UTF-8"?> <! -- Access the http://go.microsoft.com/fwlink/ for detailed messages about how to configure ASP. NET applications? LinkId = 169433 --> <configuration> <system. serviceModel> <bindings> <basicHttpBinding> <binding name = "vrvTransportBinding"> <security mode = "Transport"> <transport clientCredentialType = "None"> </transport> </security> </binding> </basicHttpBinding> </bindings> <serviceHostingEnvironment> <serviceActivations> <add service = "VrvService. stateGrid. terminalService "relativeAddress =" TerminalService. svc "/> </serviceActivations> </serviceHostingEnvironment> <services> <service name =" VrvService. stateGrid. terminalService "behaviorConfiguration =" vrvServiceBehavior "> <endpoint address =" binding = "basicHttpBinding" contract = "VrvService. interface. ITerminal "behaviorConfiguration =" canonical "bindingConfiguration =" vrvTransportBinding "> </endpoint> <endpoint address =" mex "binding =" mexHttpsBinding "contract =" IMetadataExchange "/> </service> </services> <behaviors> <serviceBehaviors> <behavior name = "vrvServiceBehavior"> <serviceMetadata httpsGetEnabled = "true"/> <serviceDebug rules = "True"/> <serviceCredentials> <windowsAuthentication authentication = "true"/> <clientCertificate> <authentication = "PeerTrust"/> </authentication> <serviceCertificate findValue = "Tyb1222" storeName = "My" storeLocation = "LocalMachine "x509FindType =" FindBySubjectName "/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system. serviceModel> </configuration>

3. Client call

You can call the service by adding a reference: for example, click OK:

 

The client call code is as follows:

            var proxy = new TerminalClient();            proxy.GetTerminalAlarm("123123", 10);

The following error occurs during code execution:

Because the certificate is authenticated in the trust chain mode, if the certificate is not received, the above exception will occur. The solution is as follows:

1. Import the certificate to the "Trusted Root Certificate Authority", for example:

After the operation in the import window, the client will not call the above exceptions.

2. When calling the C # client, you can use the code callback certificate authentication method:

                ServicePointManager.ServerCertificateValidationCallback +=                (sender, certificate, chain, sslPolicyError) => true;            var proxy = new TerminalClient();            proxy.GetTerminalAlarm("123123", 10);    

Refer:

Http://www.cnblogs.com/artech/archive/2011/06/02/Authentication_042.html