After several days of tests I find the only way I can create a WCF web service with authentication开发者_开发问答 is to put a certificate in localmachine/trustedpeople cert store. The host will not do this for me. Do you know any way to enable WCF authentication without putting a cert in that store? Is there any other way to get WCF security working on shared hosting?
I have worked with a sample on codeproject that puts certs in app_data, but I haven't been able to get that to work.
I did some very simple test on my local IIS. I have very simple service with single method. To expose the service I use this configuration:
<configuration>
<appSettings>
<add key="CertificatePath" value="D:\Applications\CertificateFromFile\App_Data\ServerCert.pfx" />
<add key="CertificatePassword" value="password" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CertificateFromFile.MyPasswordValidator, CertificateFromFile" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<clear />
<add scheme="http" binding="wsHttpBinding" />
</protocolMapping>
<bindings>
<wsHttpBinding>
<binding>
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="false" negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<serviceActivations>
<add service="CertificateFromFile.MyService" factory="CertificateFromFile.MyServiceHostFactory" relativeAddress="Service.svc" />
</serviceActivations>
</serviceHostingEnvironment>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>
The configuration defines:
- Two custom appSettings describing path to the certificate and password.
- Single service with configuration based activation - it will have default endpoint with wsHttpBinding (defined via protocolMapping) requiring message level authentication.
- Default behaviour defining custom password validator but no service certificate!
- Service is activated on custom service host with custom ServiceHostFactory.
The whole magic of loading certificate is done in custom service host and service host factory:
namespace CertificateFromFile
{
public class MyServiceHostFactory : ServiceHostFactory
{
protected override System.ServiceModel.ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
string path = ConfigurationManager.AppSettings["CertificatePath"];
string password = ConfigurationManager.AppSettings["CertificatePassword"];
return new MyServiceHost(serviceType, path, password, baseAddresses);
}
}
public class MyServiceHost : ServiceHost
{
private readonly string _certificatePath;
private readonly string _certificatePassword;
public MyServiceHost(Type serviceType, string certificatePath, string certificatePassword, params Uri[] baseAddresses)
: base(serviceType, baseAddresses)
{
_certificatePath = certificatePath;
_certificatePassword = certificatePassword;
}
protected override void OnOpening()
{
base.OnOpening();
var certificate = new X509Certificate2(_certificatePath, _certificatePassword);
var credentials = Description.Behaviors.Find<ServiceCredentials>();
credentials.ServiceCertificate.Certificate = certificate;
}
}
}
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论