
Nine simple steps to enable X.509 certificates on WCF

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Introduction%20and%20Goal">Introduction and goal</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Beginner%20WCF%20FAQ%E2%80%99s">Beginner WCF FAQs</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%201:-%20Create%20client%20and%20server%20certificates">Step 1: Create client and server certificates</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%202%20:-%20Copy%20the%20certificates%20in%20trusted%20people%20certificates">Step 2: Copy the certificates in trusted people certificates</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%203%20:-%20Specify%20the%20certification%20path%20and%20mode%20in%20the%20WCF%20service%20web.config%20file">Step 3: Specify the certification path and mode in the WCF service web.config file</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step4%20:-%20Define%20bindings">Step 4: Define binding</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step5%20:-%20Tie%20up%20the%20bindings%20with%20end%20point">Step 5: Tie up the bindings with the end point</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%206%20:-%20Make%20your%20web%20application%20client%20for%20consuming%20the%20WCF%20service">Step 6: Make your web application client for consuming the WCF service</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%207%20:-%20Define%20certificates%20in%20WCF%20client">Step 7: Define certificates in WCF client</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%208%20:-%20Tie%20up%20the%20behavior%20with%20end%20point%20on%20WCF%20client">Step 8: Tie up the behavior with the end point on WCF client</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Step%209%20:-%20Enjoy%20your%20hard%20work">Step 9: Enjoy your hard work</a>

<a href="http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF#Download%20code">Download code</a>

In this article, we will discuss how to enable X.509 certificates on a WCF service. WCF has two security modes for securing the data it transfers: transport and message. This tutorial concentrates on enabling certificates in message security mode.

If you are new to WCF, please refer to the two WCF FAQ articles below:

Create two certificates, one for the server and one for the client, using makecert.exe. You can find makecert.exe in the “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin” folder. Open a command prompt and run the command snippet below:


Below is a detailed explanation of the attributes passed to makecert.exe.

<table>
<tr><th>Attribute</th><th>Explanation</th></tr>
<tr><td><code>-sr</code></td><td>Specifies the registry location of the certificate store. The <code>SubjectCertStoreLocation</code> argument must be one of the following: <code>currentUser</code> (the registry location HKEY_CURRENT_USER) or <code>localMachine</code> (the registry location HKEY_LOCAL_MACHINE).</td></tr>
<tr><td><code>-ss</code></td><td>Specifies the name of the certificate store where the generated certificate is saved.</td></tr>
<tr><td><code>-a</code></td><td>Specifies the signature hash algorithm. Can be either MD5 or SHA1.</td></tr>
<tr><td><code>-n</code></td><td>Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format. If the <code>-n</code> switch is not specified, the default name of the certificate is "Joe's Software Emporium".</td></tr>
<tr><td><code>-sky</code></td><td>Specifies the key type. Can be either exchange or signature.</td></tr>
<tr><td><code>-pe</code></td><td>Marks the private key as exportable.</td></tr>
</table>

Note: Makecert.exe is a free tool provided by Microsoft that creates X.509 certificates signed by a system test root key or by another specified key. The certificates it produces are test certificates, not real ones, and should not be used in production. For production, buy proper certificates from a commercial certificate authority such as Thawte, VeriSign, or GeoTrust.

In the commands above we create the client certificate with the subject name <code>WcfClient</code> and the server certificate with the subject name <code>WcfServer</code>. Both certificates are created in the current user's store and their private keys are exportable.

Once you run the commands, you should see the <code>Succeeded</code> message as shown in the figure below, which shows certificates created for both the server and the client.

Go to Start -&gt; Run, type MMC and press Enter to open the MMC console. Click File -&gt; Add/Remove Snap-in. In the Add/Remove Snap-in dialog, click Add, select Certificates, and choose ‘My user account’.

You will see the certificates created for the client and server in the Personal -&gt; Certificates folder. Copy both of them into the Trusted People -&gt; Certificates folder; this is the store that peer trust validation checks later on.

Now that we have created both certificates, we need to refer to them from our WCF project. We have created two projects: one that hosts the WCF service and a web application that consumes the WCF service.

Let’s open the web.config file of the WCF service and enter two important things:

Where the service certificate is stored (store location and store name) and how the WCF application should find it. This is defined using the <code>serviceCertificate</code> tag as shown in the snippet below.

<code>certificateValidationMode</code>, which defines how client certificates are authenticated. The possible values are described in the following table.

<table>
<tr><th>Certificate validation mode</th><th>Description</th></tr>
<tr><td><code>ChainTrust</code></td><td>The certificate is validated by building a chain up to a trusted root certificate.</td></tr>
<tr><td><code>PeerTrust</code></td><td>The public key portion of the certificate must be present in the Trusted People certificate folder of the computer doing the validation (the service when it checks the client certificate, the client when it checks the service certificate).</td></tr>
<tr><td><code>PeerOrChainTrust</code></td><td>An OR condition of the two: the certificate is accepted if either chain trust or peer trust succeeds.</td></tr>
</table>

Both settings go together in the web.config file of the WCF service, as shown in the snippet below.


Now that we have defined our certificates and the validation mode, we need to specify that the credentials will be sent inside the message using certificates. You can see that we have defined a <code>wsHttpBinding</code> whose security mode is <code>Message</code>, with the message element specifying that the WCF client must present a certificate for validation.


Once done, we need to tie this binding to the endpoint. This is done using the <code>bindingConfiguration</code> attribute of the endpoint, as shown in the code snippet below.
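Putting steps 3, 4 and 5 together, here is a complete <code>system.serviceModel</code> section for the service's web.config. This is an added example written for this page, not the article's own snippet (the article's snippets were images). The certificate subject names <code>WcfServer</code> and <code>WcfClient</code> and the <code>PeerTrust</code> mode are the ones the article uses; the service and contract names <code>WcfService.Service1</code> / <code>WcfService.IService1</code>, the binding and behavior names, and the makecert commands quoted in the comment are assumptions.

```xml
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>

    <!-- Assumed Step 1 commands (run at a command prompt, not part of web.config):
         makecert -sr currentUser -ss My -a sha1 -n CN=WcfServer -sky exchange -pe
         makecert -sr currentUser -ss My -a sha1 -n CN=WcfClient -sky exchange -pe
         Step 2: copy both certificates into Trusted People so PeerTrust can find them. -->

    <!-- Step 4: message security; the client must present an X.509 certificate -->
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpCertificateBinding">   <!-- assumed name -->
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <!-- Step 3: where the service certificate lives, and how client certificates are validated -->
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateBehavior">       <!-- assumed name -->
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <!-- the server certificate created with makecert, looked up by subject name
                 in the current user's Personal ("My") store -->
            <serviceCertificate findValue="WcfServer"
                                storeLocation="CurrentUser"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
            <!-- PeerTrust: accept a client certificate only if that exact certificate
                 is in the Trusted People store (Step 2); no chain to a root CA is built -->
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <!-- Step 5: tie the binding and the behavior to the endpoint -->
    <services>
      <service name="WcfService.Service1"            
               behaviorConfiguration="CertificateBehavior">   <!-- service name assumed -->
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="wsHttpCertificateBinding"
                  contract="WcfService.IService1" />          <!-- contract name assumed -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>

  </system.serviceModel>
</configuration>
```

Two points worth checking before deploying a configuration like this. First, <code>certificateValidationMode="None"</code> also exists and accepts any certificate presented, so it must never be used outside a debugging session; <code>PeerTrust</code> works for the makecert test certificates precisely because they have no chain to a trusted root. Second, <code>FindBySubjectName</code> is a substring match on the subject, so pick subject names that cannot collide with other certificates in the store, or switch to <code>x509FindType="FindByThumbprint"</code> with the certificate's thumbprint as the <code>findValue</code>.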


That’s all we need from the WCF service perspective. Compile the WCF service and reference it in the ASP.NET web application using ‘Add Service Reference’. Below is the code snippet where we reference the service and call its <code>GetData</code> function.


Now, if you try to run the client (the web application) as it is, you should get an error like the one shown below. The error clearly indicates that you cannot use the WCF service until the client provides a client certificate.

Let's start defining the certificates in the WCF client. Just as we defined the certificate validation mode and the certificate location for the service, we need to define them for the WCF client. You can see that we have set the validation mode to <code>PeerTrust</code> and specified the client certificate name as <code>WcfClient</code>.


We need to tie the behavior defined above to the endpoint. You can see that we have bound the behavior using the <code>behaviorConfiguration</code> attribute. We also need to specify that the DNS identity value is <code>WcfServer</code>, which is the subject name of your server certificate.
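The client side of steps 7 and 8, as a complete <code>system.serviceModel</code> section for the web application's web.config. This is an added example, not the article's own snippet. The subject names <code>WcfClient</code> and <code>WcfServer</code> and the <code>PeerTrust</code> mode come from the article; the endpoint address, the binding, behavior and endpoint names, and the <code>ServiceReference1.IService1</code> contract name are assumptions (the generated names will match whatever ‘Add Service Reference’ produced in your project).

```xml
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>

    <!-- must mirror the service binding: message security with certificate credentials -->
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService1">   <!-- assumed generated name -->
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <!-- Step 7: which client certificate to send, and how to validate the service certificate -->
    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">   <!-- assumed name -->
          <clientCredentials>
            <!-- the WcfClient certificate from the current user's Personal ("My") store;
                 its private key is used to sign/prove possession, so it must be present -->
            <clientCertificate findValue="WcfClient"
                               storeLocation="CurrentUser"
                               storeName="My"
                               x509FindType="FindBySubjectName" />
            <!-- the service certificate is accepted only if it is in the client's
                 Trusted People store (Step 2) -->
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <!-- Step 8: bind the behavior to the endpoint and name the expected service identity -->
    <client>
      <endpoint address="http://localhost:1234/Service1.svc"   
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService1"
                behaviorConfiguration="ClientCertificateBehavior"
                contract="ServiceReference1.IService1"
                name="WSHttpBinding_IService1">               <!-- address and names assumed -->
        <identity>
          <!-- WCF checks that the subject name of the certificate the service presents
               is WcfServer; a service presenting any other certificate is rejected -->
          <dns value="WcfServer" />
        </identity>
      </endpoint>
    </client>

  </system.serviceModel>
</configuration>
```

The <code>dns</code> identity is what stops a client from happily talking to any endpoint that holds some trusted certificate: the name is compared with the subject of the certificate the service presents, so it has to equal the server certificate's CN exactly. Also note that ‘Add Service Reference’ regenerates the <code>client</code> section when you update the reference, so the <code>behaviorConfiguration</code> attribute and the <code>identity</code> element may need to be re-applied afterwards.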


Once we are done, run the ASP.NET web application and you should see the display shown below.

This article is reproduced from the 51CTO blog of h2appy; original link: http://blog.51cto.com/h2appy/1181216. If you want to repost it, please contact the original author.