WCF: certificate + SSL + custom user name/password

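1. Generate the certificate

  makecert -sr localmachine -ss My -n CN=WCFServer -sky exchange -pe -r

  (-r makes the certificate self-signed, -pe marks the private key as exportable, and -sr/-ss place it in the LocalMachine\My store.)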

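2. SSL certificate binding

  httpcfg:

       1. httpcfg query ssl

       2. httpcfg set ssl -i 0.0.0.0:port -h hash

  netsh:

       1. netsh http show sslcert

       2. netsh http add sslcert ipport=0.0.0.0:port certhash=hash appid={GUID}

  hash: the certificate's thumbprint

  GUID: the GUID of the calling application

  httpcfg: XP/2003/Win8

  netsh: Vista/Win7/Win8

  Personally I think netsh is the better choice on Win8. Remember to run it with administrator privileges.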

3. Server-side configuration

  1. Binding

    Set the binding's security mode to transport security

    <security mode="Transport">

    Set the client credential type to Basic

    <transport clientCredentialType="Basic"></transport>

  2. Base address

    The base address must start with https

    <add baseAddress = "https://127.0.0.1:3555/TractabilityWCFServiceLib/Service1/" />

  3. Endpoints

    Use a binding that supports HTTPS and reference the binding configuration

    <endpoint address ="" binding="wsHttpBinding" contract="TractabilityWCFInface.IService1" bindingConfiguration="wsHttps"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>

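  4. Service behavior

    Expose the metadata endpoint over HTTPS

    <serviceMetadata httpsGetEnabled="True"/>

    Configure the service credentials

    1. The service identifies itself with a certificate (findValue must match the subject name of the certificate in the LocalMachine\My store)

    <serviceCertificate x509FindType="FindBySubjectName" storeName="My" storeLocation="LocalMachine" findValue="WcfServerPK"/>

    2. Set client certificate validation to None

    <clientCertificate>
           <authentication certificateValidationMode="None"/>
    </clientCertificate>

    3. Set user name/password validation to Custom and specify the validator class (the attribute value takes the form Namespace.ClassName, Assembly)

    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="命名空间.类名,程序集"/>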

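  5. Custom user name/password validator class

    Inherit from System.IdentityModel.Selectors.UserNamePasswordValidator

    Override Validate(string userName, string password)

        public override void Validate(string userName, string password)
        {
            // Returning normally accepts the credentials; throw (for example a
            // SecurityTokenException or FaultException) to reject them.
            Console.WriteLine("username=" + userName); // user name sent by the client
            Console.WriteLine("password=" + password); // password sent by the client
        }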

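4. Client-side configuration

  1. Trust the certificate

        // Requires: using System.Net; using System.Net.Security;
        //           using System.Security.Cryptography.X509Certificates;
        ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidationCallback;

        private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // Returning true accepts every server certificate, whatever sslPolicyErrors reports.
            return true;
        }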

  2. Pass in the user name and password

        client.ClientCredentials.UserName.UserName = "admin";
        client.ClientCredentials.UserName.Password = "1231313";
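
The certificate callback in step 4.1 accepts any certificate, so the client cannot tell the real service from an impostor. As an added example (not code from the original post), the callback below accepts the self-signed certificate from step 1 only when its thumbprint matches a pinned value; the class name PinnedServerCertificate and the placeholder thumbprint are assumptions.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: pins the service certificate instead of trusting every certificate.
public static class PinnedServerCertificate
{
    // Placeholder: paste the thumbprint of the CN=WCFServer certificate from step 1,
    // i.e. the same value passed as certhash= to netsh in step 2.
    private const string PinnedThumbprint = "<SERVER-CERT-THUMBPRINT>";

    // Call once at client start-up, before the first service call.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    // Keeps only hex digits, so spaces or invisible characters copied from the
    // certificate dialog do not break the comparison.
    public static string Normalize(string thumbprint)
    {
        return new string((thumbprint ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    public static bool IsPinned(string presentedThumbprint)
    {
        string pinned = Normalize(PinnedThumbprint);
        return pinned.Length == 40   // SHA-1 thumbprint = 40 hex digits; unset placeholder fails closed
            && string.Equals(Normalize(presentedThumbprint), pinned, StringComparison.Ordinal);
    }

    private static bool Validate(object sender, X509Certificate certificate,
                                 X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that passes normal chain and name validation needs no pin.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to compare, reject.
        if (certificate == null ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // The self-signed certificate fails chain and name checks; accept it only
        // when it is exactly the certificate that was pinned.
        return IsPinned(new X509Certificate2(certificate).Thumbprint);
    }
}
```

Call PinnedServerCertificate.Install() in place of the += registration shown in step 4.1.
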
Original article: https://www.cnblogs.com/qingducx/p/3965039.html