摘要:WCF Self-Hosting 建立安全(https) Application
1. Tell http.sys which SSL certificate to use on port 8000
[win7 +]
Netsh http add sslcert ipport=0.0.0.0:8000 certhash=憑證指紋 appid={00112233-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable
[XP]
httpcfg set ssl /i 0.0.0.0:8000 /h 憑證指紋 /g "{a2c24c79-b0ef-4783-8ed8-d93836fec137}"
2. Reserve the URL so that the account running the service is allowed to listen on it
[win7 +]
netsh http add urlacl url=https://+:8000/ user=Domain\User
(user 與 sddl 參數只能擇一使用;若改用 SDDL: netsh http add urlacl url=https://+:8000/ sddl="D:(A;;GX;;;LS)")
[XP]
httpcfg set urlacl -u https://*:8000/ -a D:(A;;GX;;;S-1-5-21-1144070942-1563683482-3278297161-1114)
3. 程式樣板
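''' <summary>
''' Self-hosts HelloWorldService over HTTPS (transport security) on port 8000, publishes
''' its metadata over HTTPS GET, and keeps running until Enter is pressed.
''' </summary>
''' <remarks>
''' http.sys must already have an SSL certificate bound to port 8000 and a URL reservation
''' that lets the account running this process listen on https://+:8000/.
''' </remarks>
Sub Main()
    ' The base address is built from the local DNS host name. NOTE(review): the bound
    ' certificate presumably has to be issued for this name, otherwise clients will report
    ' a name mismatch - confirm against the certificate in use.
    Dim addressHttps = String.Format("https://{0}:8000/hello", Dns.GetHostEntry("").HostName)

    Dim wsHttpBinding = New WSHttpBinding()
    ' Transport mode: confidentiality and server authentication come from TLS itself.
    wsHttpBinding.Security.Mode = SecurityMode.Transport
    ' With ClientCredentialType.None the service does not authenticate callers at all:
    ' anyone who can reach the port can invoke it. Switch to the commented-out Certificate
    ' setting when callers must present a client certificate.
    'wsHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate
    wsHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None

    Dim serviceHost = New ServiceHost(GetType(HelloWorldService), New Uri(addressHttps))
    Dim endpoint As Type = GetType(IHelloWorldService)
    serviceHost.AddServiceEndpoint(endpoint, wsHttpBinding, "MyService")

    ' The service certificate is looked up by thumbprint in LocalMachine\My. The thumbprint
    ' is hard-coded, so it has to be updated whenever the certificate is renewed.
    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "04c525d9e9ec21246c56aa984c8b073d33068246")
    ' PeerOrChainTrust accepts a client certificate that is either in the TrustedPeople
    ' store or chains to a trusted root. NOTE(review): presumably this only matters once
    ' client certificates are requested (see ClientCredentialType above) - confirm.
    serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust

    ' Metadata (WSDL) is served over HTTPS GET at the base address. It describes the whole
    ' contract to any caller, so consider disabling it outside development.
    Dim smb = New ServiceMetadataBehavior()
    smb.HttpsGetEnabled = True
    smb.HttpsGetUrl = New Uri(addressHttps)
    'smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15
    serviceHost.Description.Behaviors.Add(smb)

    Try
        serviceHost.Open()
        Dim address As String = serviceHost.Description.Endpoints(0).ListenUri.AbsoluteUri
        Console.WriteLine("Listening @ {0}", address)
        Console.WriteLine("Press enter to close the service")
        Console.ReadLine()
        serviceHost.Close()
    Catch ce As CommunicationException
        ' Close() is not reached (or has itself failed) on this path; Abort() releases the
        ' listener immediately instead of leaving a faulted host behind.
        serviceHost.Abort()
        Console.WriteLine("A commmunication error occurred: {0}", ce.Message)
        Console.WriteLine()
    Catch exc As Exception
        serviceHost.Abort()
        Console.WriteLine("An unforseen error occurred: {0}", exc.Message)
        Console.ReadLine()
    End Try
End Sub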
4. 調用注意:如果不進行客戶端驗證,請忽略驗證(僅限測試環境;略過伺服器憑證驗證後,TLS 無法防止中間人攻擊)。
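''' <summary>
''' Calls SayHello on the self-hosted service over HTTPS and checks that a result comes back.
''' </summary>
Public Sub TestSelfHosting()
    Dim objService = New SelfHosting.HelloWorldServiceClient()

    ' ServerCertificateValidationCallback is a process-wide setting: once replaced it
    ' governs every HTTPS request made through ServicePointManager in this process, not
    ' only the call below. Remember the previous value and put it back afterwards so the
    ' relaxed validation cannot leak into other tests.
    Dim previousCallback = ServicePointManager.ServerCertificateValidationCallback
    ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf RemoteCertificateValidate)
    Try
        ServicePointManager.Expect100Continue = True
        Dim strResult = objService.SayHello("a")
        Assert.IsNotNull(strResult)
    Finally
        ServicePointManager.ServerCertificateValidationCallback = previousCallback
    End Try
End Sub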
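''' <summary>
''' Server-certificate validation callback for the self-hosting test. Accepts a certificate
''' that passed normal validation, or the one pinned test certificate even when validation
''' reported errors (for example because it is self-signed).
''' </summary>
''' <param name="sender">Not used.</param>
''' <param name="cert">Certificate presented by the server; may be Nothing.</param>
''' <param name="chain">Not used.</param>
''' <param name="err">Validation errors found by the platform.</param>
''' <returns>True when the connection may proceed, otherwise False.</returns>
Private Shared Function RemoteCertificateValidate(sender As Object, cert As X509Certificate, chain As X509Chain, err As SslPolicyErrors) As Boolean
    ' Returning True unconditionally would accept any certificate from any host, which
    ' removes server authentication from TLS. Only one known certificate is exempted here.
    ' The value is the SHA-1 thumbprint this sample's service host loads; replace it with
    ' the thumbprint of your own test certificate.
    Const pinnedThumbprint As String = "04c525d9e9ec21246c56aa984c8b073d33068246"

    If err = SslPolicyErrors.None Then
        Return True
    End If

    If cert IsNot Nothing AndAlso String.Equals(cert.GetCertHashString(), pinnedThumbprint, StringComparison.OrdinalIgnoreCase) Then
        System.Console.WriteLine("Warning, trusting pinned test certificate despite: {0}", err)
        Return True
    End If

    Return False
End Function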
人生到處知何似
應似飛鴻踏雪泥