
WCF service configuration exception "The certificate may not have a private key......"


Following my earlier question, WCF client for consuming ASMX service with WS-Security, I need to configure a WCF service that will receive SOAP requests using WS-Security (a sample request can be found at that link).

This is my configuration file:

<configuration>
  <system.serviceModel>
    <services>
      <service name="Service.Service1" behaviorConfiguration="customBindingBehavior">
        <endpoint address="http://localhost/Service1.svc"
                  binding="customBinding"
                  bindingConfiguration="NewBinding0"
                  name="ServiceEndpoint"
                  contract="Service.Contracts.IService1" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="customBindingBehavior">
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <serviceCertificate findValue="xxx" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
            <clientCertificate>
              <certificate findValue="yyy" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="TrustedPeople" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="NewBinding0">
          <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
          <security authenticationMode="MutualCertificate">
            <secureConversationBootstrap />
          </security>
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>
</configuration>

The service certificate contains the private key, which is used to sign the response.
The client certificate contains only the public key corresponding to the client's private key, which is used to sign the request.

I get the following exception related to the service certificate:
"The certificate 'CN=xxxxxx' must have a private key that is capable of key exchange. The process must have access rights for the private key."

How can I fix this?

Thanks in advance!

EDIT:

The exception I get:

System.ArgumentException: It is likely that certificate 'CN=xxx' may not have a private key that is capable of key exchange or the process may not have access rights for the private key.
at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
at System.ServiceModel.Security.AsymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)
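As an added diagnostic, not part of the original question or either answer: a PowerShell script that checks the certificate referenced by `<serviceCertificate>` for the two conditions the exception names (an exchange-capable private key, and read access to it for the current account). The thumbprint and the service identity in the commented `icacls` line are placeholders.

```powershell
# Added diagnostic, not part of the original question or answers.
# Checks the <serviceCertificate> entry for the two conditions named in the
# EnsureCertificateCanDoKeyExchange exception: an exchange-capable private key,
# and read access to that key for the account the service host runs as.
param(
    # Placeholder: the thumbprint from <serviceCertificate findValue="...">
    [string]$Thumbprint = 'REPLACE_WITH_SERVICE_CERT_THUMBPRINT'
)

# storeLocation="LocalMachine" storeName="My" in the config maps to this provider path
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

"Subject       : $($cert.Subject)"
"HasPrivateKey : $($cert.HasPrivateKey)"   # False: only the public certificate was imported

try {
    # Opening the key is the access test itself: this throws when the current account
    # cannot read the key container (typically "Keyset does not exist").
    $key = $cert.PrivateKey
} catch [System.Security.Cryptography.CryptographicException] {
    Write-Warning ("Cannot open the private key as $env:USERNAME (access problem, or a CNG key " +
                   "the legacy CAPI path cannot load): " + $_.Exception.Message)
    return
}

if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $info = $key.CspKeyContainerInfo
    # WCF needs an AT_KEYEXCHANGE key (KeyNumber = Exchange). A key generated with
    # KeySpec = AT_SIGNATURE raises the same exception even when it is readable.
    "KeySpec       : $($info.KeyNumber)"
    "MachineKeySet : $($info.MachineKeySet)"

    # Machine-store CSP keys are files in this folder; their NTFS ACL decides access.
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
    "Key file      : $keyFile"
    (Get-Acl -Path $keyFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize

    # Least-privilege fix: grant Read on the key file to the service identity (placeholder)
    # instead of running the host or Visual Studio as Administrator.
    # icacls $keyFile /grant "IIS APPPOOL\DefaultAppPool:(R)"
} else {
    Write-Warning "Private key is not a CAPI/CSP RSA key; inspect it with: certutil -v -store My $Thumbprint"
}
```

Run it as the same account the service host uses (or as yourself when hosting from Visual Studio), since the access check is only meaningful for the identity that will open the key.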

2 Answers

  • 0

    It is not clear from the message whether the error is on the server or the client certificate. In any case, you only need to configure the server certificate. The client certificate will be validated according to the policy you specify in the behavior.

    You could use this binding:

    <customBinding>
      <binding name="NewBinding0">
        <textMessageEncoding messageVersion="Soap11" />
        <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
          <secureConversationBootstrap />
        </security>
        <httpTransport />
      </binding>
    </customBinding>
    

    Also make sure to decorate the service contract with:

    [ServiceContract(ProtectionLevel=System.Net.ProtectionLevel.Sign)]
    
  • 1

    I ran into the same problem while debugging a client application with Visual Studio 2012 on Windows 8.1. Based on the error message given, you also get this error when running the application from Visual Studio. Opening Visual Studio with "Run as administrator" solved the problem.
