2010-07-21 2 views

Windows XP에서 실행되는 자체 호스팅 WCF 서비스가 있고, 메시지 보안에 인증서를 사용하려고 합니다. 이 설정은 서비스와 클라이언트의 구성 파일을 통해 이루어집니다. 서비스와 클라이언트는 모두 같은 컴퓨터에서 실행되며, makecert.exe를 사용하여 양쪽의 인증서를 만들었습니다. clientCredentialType="Windows"로 설정했을 때와 달리, 인증서를 사용하도록 구성 파일을 수정한 뒤에는 제대로 작동하지 않습니다. 문제는 클라이언트에서 서비스에 연결하려고 하면 다음 예외가 발생한다는 것입니다.

X.509 인증서 사용 시 연결 오류가 발생하는 자체 호스팅 WCF 서비스

예외 유형: System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

메시지: 수신된 이진 협상(binary negotiation)의 ValueType(http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego)이 잘못되었습니다.

내 구성 설정은 다음과 같습니다

서비스 설정 :

<?xml version="1.0" encoding="utf-8" ?> 
<!-- Service-side configuration for the self-hosted service CommMgr.Service: a wsHttpBinding
     that asks for certificate client credentials at message level, a service behavior that
     selects the service certificate, and the endpoints the host exposes. -->
<configuration> 
    <system.serviceModel> 
    <bindings> 
     <wsHttpBinding> 
     <binding name="wsHttpBinding0" closeTimeout="00:10:00" sendTimeout="00:10:00"> 
      <!-- No mode attribute is given, so wsHttpBinding falls back to its default security
           mode, which is Message. The message element leaves negotiateServiceCredential at
           its default (true), matching the explicit value in the client configuration. -->
      <security> 
      <!-- <transport clientCredentialType="Certificate"/> --> 
      <message clientCredentialType="Certificate"/> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="CommMgr.ServiceBehavior"> 
      <!-- Publishes the service metadata over plain HTTP GET. -->
      <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" /> 
      <!-- Returns server-side exception details to callers inside SOAP faults. Helpful while
           debugging, but it discloses internals and is normally switched off outside
           development. -->
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceCredentials> 
      <clientCertificate> 
      <!-- 
       <authentication certificateValidationMode="PeerTrust"/> 
       --> 
       <!-- certificateValidationMode="None" makes the service accept any client certificate
            without checking trust, so the certificate proves nothing about who the caller is.
            The commented-out PeerTrust mode instead requires the client certificate to be
            present in the Trusted People store, which suits makecert test certificates. -->
       <authentication certificateValidationMode="None"/> 
      </clientCertificate>   
      <!-- Selects the service certificate by subject name "WcfServer" from the CurrentUser\My
           store. FindBySubjectName is a substring match; FindByThumbprint is the more precise
           selector. NOTE(review): presumably the host process has to run as the user who owns
           this store and can read the private key; confirm. -->
      <serviceCertificate findValue="WcfServer" storeLocation="CurrentUser" 
       storeName="My" x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <services> 
     <service name="CommMgr.Service" behaviorConfiguration="CommMgr.ServiceBehavior"> 
     <!-- Application endpoint, declared with an absolute address on port 8002. The base
          address further down is on port 8080 and applies only to relative addresses such
          as "mex". NOTE(review): the client configuration on this page connects to
          http://localhost:8080/Service, which is not this endpoint's address; verify which
          address the secured endpoint really listens on. -->
     <endpoint address="http://localhost:8002/Service" 
        binding="wsHttpBinding" 
        name="DataService" 
        bindingNamespace="CommMgr" 
        contract="CommMgr.Service" 
        bindingConfiguration="wsHttpBinding0"> 
      <!-- 
      <identity> 
      <dns value="localhost"/> 
      </identity> 
      --> 
     </endpoint> 
     <!-- Metadata exchange endpoint, relative to the base address below. -->
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
     <host> 
      <baseAddresses> 
      <add baseAddress="http://localhost:8080/Service/" /> 
      </baseAddresses> 
     </host> 
     </service> 
    </services> 
    </system.serviceModel> 
    <!-- NOTE(review): connectionStrings is opened here and never closed, so the file as posted
         is not well-formed XML; presumably its content was trimmed before posting. -->
    <connectionStrings> 
</configuration> 

클라이언트 설정 :

<?xml version="1.0" encoding="utf-8" ?> 
<!-- Client-side configuration: a wsHttpBinding using message security with a certificate
     client credential, an endpoint behavior that selects the client certificate, and the
     client endpoint that uses both. -->
<configuration> 
    <system.serviceModel> 
     <bindings> 
      <wsHttpBinding> 
       <binding name="WSHttpBinding_Service" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" 
        allowCookies="false"> 
        <readerQuotas maxDepth="32" maxStringContentLength="16384" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 
        <!-- Message mode: the SOAP messages themselves are secured and the HTTP transport
             carries no security of its own. The transport element below only matters for
             transport-level security modes. -->
        <security mode="Message"> 
         <!-- <transport clientCredentialType="Certificate"/> --> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> 
         <!-- negotiateServiceCredential="true": the client obtains the service certificate
              through a negotiation handshake with the service instead of having it configured
              locally. The tlsnego value type named in the reported error appears to belong to
              that handshake. -->
         <message clientCredentialType="Certificate" negotiateServiceCredential="true" 
           algorithmSuite="Default" establishSecurityContext="true"/> 
        </security> 
       </binding> 
      </wsHttpBinding> 
     </bindings> 
     <behaviors> 
     <endpointBehaviors> 
      <behavior name="ClientCertificateBehavior"> 
      <clientCredentials> 
       <!-- Certificate the client presents, found by subject name "WcfClient" in the
            CurrentUser\My store. -->
       <clientCertificate findValue="WcfClient" storeLocation="CurrentUser" 
       storeName="My" x509FindType="FindBySubjectName" /> 
       <serviceCertificate> 
       <!-- 
       <authentication certificateValidationMode="PeerTrust"/> 
       --> 
       <!-- certificateValidationMode="None": the client does not validate the service
            certificate at all. Combined with negotiation, the certificate offered by whoever
            answers at the endpoint address is not checked for trust; the commented-out
            PeerTrust mode or chain validation restores that check. -->
       <authentication certificateValidationMode="None"/> 
       </serviceCertificate>    
      </clientCredentials> 
      </behavior> 
     </endpointBehaviors> 
     </behaviors> 
     <client> 
      <!-- NOTE(review): this address is on port 8080, while the service configuration on this
           page declares its wsHttpBinding endpoint at http://localhost:8002/Service and uses
           port 8080 only as the base address; verify that both sides name the same endpoint. -->
      <endpoint address="http://localhost:8080/Service" behaviorConfiguration="ClientCertificateBehavior" 
       binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_Service" 
       contract="ServiceReference.Service" name="WSHttpBinding_Service"> 
       <!-- Identity the client expects the service to have. NOTE(review): the encodedValue
            below decodes to an X.509 certificate with subject CN=WcfClient, issued by the
            makecert test root "Root Agency" with what appears to be an MD5 with RSA signature.
            That is the client's own certificate, not the WcfServer certificate the service is
            configured to present; confirm which certificate was exported here. The value is a
            public certificate only and contains no private key. -->
       <identity> 
        <!-- <dns value="WcfServer" /> --> 
        <certificate encodedValue="MIIBuTCCAWOgAwIBAgIQD6mW56bjgapOill7ECgRMzANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw0xMDA3MjAxODMwMThaFw0zOTEyMzEyMzU5NTlaMBQxEjAQBgNVBAMTCVdjZkNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv2p/0NDo4iZU35gN+k7nGXe0LZWdnP9i4MHYD3IsFcZGIamMyXwRT8//3jx+1fs1xEb+8+QbZuj8TXt/7aX6x2kz2O5tynuholP35iObDqOd7nYSXN+70QDrZ/uktPOkLrw/nfrA8sK0aZCZjfiINHCRt/izJIzESOGzDOh1if0CAwEAAaNLMEkwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MA0GCSqGSIb3DQEBBAUAA0EALA+gVZDyjk4+qL7zAEV8esMX38X5QKGXHxBdd6K1+xApnSU79bRCWI9xU+HZ4rRhRJgtOdGQ1qfc9/WfvWXcYw=="/> 
       </identity> 
      </endpoint> 
     </client> 
    </system.serviceModel> 
</configuration> 

답변


바인딩에서 negotiateServiceCredential 설정을 꺼 보십시오:

<wsHttpBinding> 
    <binding > 
    <security mode="Message"> 
     <!-- With negotiateServiceCredential="false" the service certificate is no longer fetched
          by negotiation. It has to be made available to the client out of band (for example
          through the endpoint identity certificate or a configured default service
          certificate), and the service and client bindings must agree on the setting.
          NOTE(review): this sample uses clientCredentialType="UserName", whereas the
          configuration in the question uses "Certificate". -->
     <message clientCredentialType="UserName" negotiateServiceCredential="false" /> 
    </security> 
    </binding> 
</wsHttpBinding> 