
WCF Authentication - X509 Certificate

Developer (https://www.devze.com), 2023-03-13 17:41, source: Internet

I want to authenticate users to my WCF service using X509 certificates. I set up my service to use SSL and made all the relevant WCF configuration. When I try to consume my service I get the following error:

 The remote certificate is invalid according to the validation procedure. 

If I take my certificate (self-signed) and add it to the Trusted People, then that error goes away. I believe this means I need to provide my certificate to all (external) consumers of my service. Is there any way around this?


All certificates are validated by a certificate authority (CA).

In your case, I suspect that your CA is not trusted. Start MMC and add the certificate manager for your local machine. See under Trusted Root CA (I do not remember the exact wording).

Self-signed certificates mean that the CA of a certificate is the same as the certificate itself.

Also realize how you can use certificates: Are you using them to identify your clients, or for SSL purposes of encrypting the transport level?

If you want to use certificates for many different clients, I strongly recommend you take a look at public PKI services from companies like Verisign.


Self-signed certificates are not and cannot be trusted (unless the user explicitly trusts them or some code does this). You indeed need to purchase a certificate from one of the established CAs such as Thawte, GlobalSign, Comodo (InstantSSL). We use GlobalSign and Comodo; each has its own advantages. What you need is a regular "SSL certificate" (as they call it, though this name is incorrect) issued for your server's domain name.


Since we are using a self-signed certificate for dev purposes, I had to override the validation of the certificate. My code was:

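    // Requires: using System.Net; using System.Net.Security;
    //           using System.Security.Cryptography.X509Certificates;

    // Dev only: registers a process-wide callback that overrides server certificate validation.
    if (validateServerCertificate)
    {
        ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
    }

    // Accepts every server certificate, whatever policyErrors reports.
    private static bool ValidateRemoteCertificate(object sender,
                                                  X509Certificate certificate,
                                                  X509Chain chain,
                                                  SslPolicyErrors policyErrors)
    {
        return true;
    }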
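
An added example, not part of the answer above or of any project's code: a narrower callback for the same dev scenario, which accepts the self-signed certificate only when its SHA-256 hash matches a pinned value and otherwise keeps the normal validation result. The class name `DevCertificatePinning` and the placeholder hash are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePinning
{
    // Assumption: placeholder. Replace with the SHA-256 hash (hex) of your dev certificate.
    // Until replaced, nothing matches and the callback fails closed.
    private const string PinnedSha256 = "<SHA256-OF-DEV-CERT-HEX>";

    // Call once at start-up, in dev builds only.
    public static void Enable()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no exception.
        if (errors == SslPolicyErrors.None) return true;
        if (certificate == null) return false;

        // Tolerate only an untrusted chain (the self-signed case).
        // A host name mismatch or a missing certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        return Matches(certificate.GetRawCertData(), PinnedSha256);
    }

    // Compares the SHA-256 hash of the DER-encoded certificate with the pinned hex string.
    public static bool Matches(byte[] rawCert, string expectedHex)
    {
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(rawCert)).Replace("-", "");
            return string.Equals(actual, expectedHex, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Because the callback is process-wide, every HTTPS connection the process makes goes through it; certificates that already validate are unaffected, and only the one pinned certificate gains an exception.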