clientCredentialType Certificate authentication mode: basic configuration
In transport security mode, client credentials support three types: None, Windows, and Certificate. The Windows credential type is used by default. The examples in the previous subsections used the Windows credential type; this section focuses on certificate credentials.
To use certificate credentials, you first need to prepare the server and client certificates. The command for creating a certificate is shown in Figure 11-10.
Figure 11-10 Creating a certificate
Follow the command in Figure 11-10 to create two certificates, named "Xuanhunserver" and "xuanhunclient", for the server and the client respectively, with "CurrentUser" as the store location.
Once you have the certificates, modify the related configuration to enable certificate validation. On the server side, add a behaviors configuration section and configure the server-side certificate in it, as shown in Listing 11-19.
Code listing 11-19 Configuring a server-side certificate
<behaviors>
  <serviceBehaviors>
    <behavior name="Validatebehavior">
      <serviceCredentials>
        <!-- Server certificate: looked up by subject name in the CurrentUser\My store -->
        <serviceCertificate
          x509FindType="FindBySubjectName"
          storeLocation="CurrentUser"
          storeName="My"
          findValue="Xuanhunserver"
        />
        <clientCertificate>
          <!-- None: no validation is performed on the client certificate -->
          <authentication certificateValidationMode="None" trustedStoreLocation="CurrentUser"/>
          <certificate />
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
In the code above, the serviceCredentials section adds the server-side certificate configuration; it contains the serviceCertificate sections that specify the specific server-side certificate instances. For the credential information that can be configured in the serviceCredentials section, see section 11.1.3.
The basic syntax of serviceCertificate is shown in Listing 11-20.
Code listing 11-20 serviceCertificate basic syntax
<serviceCertificate findValue="String"
  storeLocation="LocalMachine/CurrentUser"
  storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
  x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier"
/>
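A small audit of the settings in Listing 11-19 against the allowed values of Listing 11-20, given here as an added example (it is not code from the original article). The function name audit_service_credentials and the embedded sample fragment are constructed for illustration; the check flags miscased or invalid attributes, FindBySubjectName lookups, and certificateValidationMode="None".

```python
import xml.etree.ElementTree as ET

# Allowed values per attribute, taken from Listing 11-20 (None = free-form string).
ALLOWED = {
    "findValue": None,
    "storeLocation": {"LocalMachine", "CurrentUser"},
    "storeName": {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
                  "My", "Root", "TrustedPeople", "TrustedPublisher"},
    "x509FindType": {"FindByThumbprint", "FindBySubjectName", "FindBySubjectDistinguishedName",
                     "FindByIssuerName", "FindByIssuerDistinguishedName", "FindBySerialNumber",
                     "FindByTimeValid", "FindByTimeNotYetValid", "FindByTemplateName",
                     "FindByApplicationPolicy", "FindByCertificatePolicy", "FindByExtension",
                     "FindByKeyUsage", "FindBySubjectKeyIdentifier"},
}

def audit_service_credentials(xml_text):
    """Return (behavior name, finding) tuples for a <behaviors> fragment."""
    findings = []
    root = ET.fromstring(xml_text)
    for behavior in root.iter("behavior"):
        name = behavior.get("name", "(unnamed)")
        # ElementTree matches tag names exactly, like the WCF configuration schema.
        certs = behavior.findall("./serviceCredentials/serviceCertificate")
        if not certs:
            findings.append((name, "no serviceCertificate element (names are case-sensitive)"))
        for cert in certs:
            for attr, value in cert.attrib.items():
                if attr not in ALLOWED:
                    findings.append((name, f"unknown attribute '{attr}'"))
                elif ALLOWED[attr] is not None and value not in ALLOWED[attr]:
                    findings.append((name, f"invalid {attr} value '{value}'"))
            if cert.get("x509FindType") == "FindBySubjectName":
                findings.append((name, "FindBySubjectName matches substrings; prefer FindByThumbprint"))
        for auth in behavior.findall("./serviceCredentials/clientCertificate/authentication"):
            if auth.get("certificateValidationMode") == "None":
                findings.append((name, "certificateValidationMode=None: client certificates are not validated"))
    return findings

# Constructed sample: the settings of Listing 11-19.
SAMPLE = """<behaviors><serviceBehaviors><behavior name="Validatebehavior"><serviceCredentials>
  <serviceCertificate x509FindType="FindBySubjectName" storeLocation="CurrentUser"
                      storeName="My" findValue="Xuanhunserver" />
  <clientCertificate>
    <authentication certificateValidationMode="None" trustedStoreLocation="CurrentUser" />
  </clientCertificate>
</serviceCredentials></behavior></serviceBehaviors></behaviors>"""

if __name__ == "__main__":
    print(*audit_service_credentials(SAMPLE), sep="\n")
```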
The attributes of serviceCertificate and their descriptions are shown in Table 11-7.
Table 11-7 serviceCertificate properties