Certificate on a WCF service that does not use IIS

广开言路 2020-12-13 23:07

I have a WCF application that normally runs in IIS (for my testing and production environments). But when I run it from my debugger it is set up to run self-hosted (that is,

2 Answers
  • 2020-12-13 23:12

    I just want to add some helpful information on how to programmatically install an SSL certificate for a self-hosted WCF service. This does not cover how to get the WCF application to use the SSL certificate, since that is well-documented elsewhere on the web.

    This is intended to be run at setup time by an administrator, and not by the actual application itself, which in this example, runs under the limited Network Service account.

    • The code must run as an administrator.
    • Set the HTTP Namespace reservation programmatically using the example in Programatically Granting a Namespace Reservation.
    • Set the SSL information programmatically using the example in Changing the Certificate associated with IP address using HttpServiceConfiguration.

    You can then use those code samples to install and configure the certificate:

    if (!IsAdministrator())
    {
       Console.WriteLine("Must run "+
                    "as a user with local Administrator privileges.");
       Environment.Exit(-1);
    }
    
    //Open the cert.
    X509Certificate2 certificate = new X509Certificate2(certFilePath);
    
    //Add it to the local store
    X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    certStore.Open(OpenFlags.ReadWrite);
    certStore.Add(certificate);
    certStore.Close();
    
    //Reserve an HTTPS namespace for it.
    string urlPrefix = string.Format("https://+:{0}/{1}", portNum, appPath);
    ReserveHttpNamespace.ModifyReservation(urlPrefix, "Network Service", false);
    
    //Set the SSL cert for this service.
    SetSSLCert.BindCertificate("0.0.0.0", portNum, certificate.GetCertHash());
    

    You can then check that this ran correctly using the helpful HttpCfg UI Tool.

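A way to confirm the three setup steps from the answer above at an elevated PowerShell prompt, as an added example that is not part of the original answer: it checks the certificate in `LocalMachine\My`, the HTTP.sys SSL binding, and the URL reservation's ACL. The port, path and thumbprint defaults are placeholders, the function name is hypothetical, and the parsing assumes English-format `netsh` output.

```powershell
# Added verification example; parameter defaults are placeholders, not values from the page.
param(
    [int]$Port = 8443,                         # assumed; corresponds to portNum
    [string]$AppPath = 'MyService',            # assumed; corresponds to appPath
    [string]$Thumbprint = '<CERT-THUMBPRINT>'  # placeholder; hex hash of the installed cert
)

function Test-SelfHostedTlsSetup {             # hypothetical helper name
    param([int]$Port, [string]$AppPath, [string]$Thumbprint)
    $problems = @()

    # 1. Certificate must be in LocalMachine\My, carry a private key, and be in date.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        $problems += "Certificate $Thumbprint not found in LocalMachine\My"
    } else {
        if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "Certificate outside validity period (expires $($cert.NotAfter))"
        }
    }

    # 2. HTTP.sys must bind 0.0.0.0:<port> to the same certificate hash.
    $binding = netsh http show sslcert "ipport=0.0.0.0:$Port" | Out-String
    if ($binding -notmatch [regex]::Escape($Thumbprint)) {
        $problems += "No SSL binding for 0.0.0.0:$Port with hash $Thumbprint"
    }

    # 3. The reservation must exist, grant Network Service (SDDL alias NS),
    #    and not grant broad groups: WD = Everyone, AU = Authenticated Users, BU = Users.
    $prefix  = "https://+:$Port/$AppPath"
    $acls    = netsh http show urlacl | Out-String
    $pattern = [regex]::Escape($prefix) + '/?\s[\s\S]*?SDDL:\s*(\S+)'
    if ($acls -match $pattern) {
        $sddl = $Matches[1]
        if ($sddl -notmatch ';;;NS\)') { $problems += "Reservation lacks Network Service: $sddl" }
        if ($sddl -match ';;;(WD|AU|BU)\)') { $problems += "Reservation grants a broad group: $sddl" }
    } else {
        $problems += "No URL reservation found for $prefix"
    }
    return $problems
}

$issues = @(Test-SelfHostedTlsSetup -Port $Port -AppPath $AppPath -Thumbprint $Thumbprint)
if ($issues.Count -eq 0) { 'Setup looks consistent.' } else { $issues }
```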
  • 2020-12-13 23:30

    Yes, you have to have a base or endpoint address of HTTPS and you also have to specify the service certificate via a behavior:

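    <behaviors>
      <serviceBehaviors>
        <!-- Released WCF uses name= (not configurationName=) and moves the
             exception setting to <serviceDebug>; it returns exception detail
             to clients, so enable it for debugging only. -->
        <behavior name="BasicSecurityProfileMutualCertificateBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <!-- Service certificate looked up by subject name in LocalMachine\My -->
            <serviceCertificate findValue="Bob"
                storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>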
    