110,533
社区成员
发帖
与我相关
我的任务
分享高分求助 WCF Security IIS Host问题
创建证书
makecert -r -pe -n "CN=MyCert" -ss My -sky exchange
服务器端配置文件
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfiguration">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="AFH.WCF.ServiceLibrary.Service">
<endpoint address="http://localhost/AFH.WCF.Server/Service.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfiguration"
contract="AFH.WCF.ServiceLibrary.IService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
<serviceCertificate findValue="MyCert" storeLocation="CurrentUser" storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="AFH.WCF.ServiceLibrary.MyUserNamePasswordValidator,AFH.WCF.ServiceLibrary" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
使用IIS Host,在IIS里浏览 Service.svc 报错
Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyCert'.
看到过一个帖子说使用WinHttpCertCfg.exe 工具,尝试了还是不行,请高手帮帮忙!
makecert -r -pe -n "CN=MyCert" -ss My -sky exchange
服务器端配置文件
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfiguration">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="AFH.WCF.ServiceLibrary.Service">
<endpoint address="http://localhost/AFH.WCF.Server/Service.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfiguration"
contract="AFH.WCF.ServiceLibrary.IService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
<serviceCertificate findValue="MyCert" storeLocation="CurrentUser" storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="AFH.WCF.ServiceLibrary.MyUserNamePasswordValidator,AFH.WCF.ServiceLibrary" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
使用IIS Host,在IIS里浏览 Service.svc 报错
Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyCert'.
看到过一个帖子说使用WinHttpCertCfg.exe 工具,尝试了还是不行,请高手帮帮忙!
...全文
请发表友善的回复…
发表回复
daxiong105 2009-06-29
- 打赏
- 举报
虽然问题还未解决,但是非常感谢@fdm031216的热心帮助,先结贴,有了解决办法会帖出来。
fdm031216 2009-06-25
- 打赏
- 举报
在mmc中导出证书
Since the certificate is generated to enable exporting the private key, you can export it using the Certificates console. Expand the CurrentUserPersonal store, and selecting All TasksExport
From the wizard, select “Yes, export the private key”. Click Next.
Select “Delete the private key if the export is successful”. Click Next.
Provide a password to protect the key. Click Next.
Select a filename for the key pair with a .pfx extension
然后删掉证书重新导入以.pfx扩展的证书就行了
Since the certificate is generated to enable exporting the private key, you can export it using the Certificates console. Expand the CurrentUserPersonal store, and selecting All TasksExport
From the wizard, select “Yes, export the private key”. Click Next.
Select “Delete the private key if the export is successful”. Click Next.
Provide a password to protect the key. Click Next.
Select a filename for the key pair with a .pfx extension
然后删掉证书重新导入以.pfx扩展的证书就行了
fdm031216 2009-06-25
- 打赏
- 举报
加我msn吧fdm031216@hotmail.com
daxiong105 2009-06-25
- 打赏
- 举报
@fdm031216
我描述一下我的操作步骤:
1.makecert -r -pe -n "CN=MyCert" -ss My -sky exchange
2.From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
3.From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Computer account. Click Next and then Finish. Close the Add Standalone Snap-in dialog. Click OK on the Add/Remove Snap-in dialog.
4. Save the Certificates snap-in settings to a file. From the File menu select Save. Name the file certificates.msc.
5. To re-open this console repeat step #1 and open the certificates.msc file.
6.Since the certificate is generated to enable exporting the private key, you can export it using the Certificates console. Expand the CurrentUserPersonal store, and selecting All Tasks->Export
From the wizard, select “Yes, export the private key”. Click Next.
Select “Delete the private key if the export is successful”. Click Next.
Provide a password to protect the key. Click Next.
Select a filename for the key pair with a .pfx extension
7.删除CurrentUserPersonal store里的MyCert
8.导入.pfx file to CurrentUserPersonal store
结果:同样错误。为什么呢?
困扰多时了,劳烦各位了,求一解啊!
我描述一下我的操作步骤:
1.makecert -r -pe -n "CN=MyCert" -ss My -sky exchange
2.From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
3.From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Computer account. Click Next and then Finish. Close the Add Standalone Snap-in dialog. Click OK on the Add/Remove Snap-in dialog.
4. Save the Certificates snap-in settings to a file. From the File menu select Save. Name the file certificates.msc.
5. To re-open this console repeat step #1 and open the certificates.msc file.
6.Since the certificate is generated to enable exporting the private key, you can export it using the Certificates console. Expand the CurrentUserPersonal store, and selecting All Tasks->Export
From the wizard, select “Yes, export the private key”. Click Next.
Select “Delete the private key if the export is successful”. Click Next.
Provide a password to protect the key. Click Next.
Select a filename for the key pair with a .pfx extension
7.删除CurrentUserPersonal store里的MyCert
8.导入.pfx file to CurrentUserPersonal store
结果:同样错误。为什么呢?
困扰多时了,劳烦各位了,求一解啊!
chen1yu2jun3 2009-06-24
- 打赏
- 举报
bbbbbbbbbbb
chengqscjh 2009-06-24
- 打赏
- 举报
1.IE选项->内容->证书->个人里先将证书“MyCert”导出为Cert.cer,然后在受信任的根证书颁发机构里导入Cert.cer,在配置时要确保你的服务端和客户端证书的信息是匹配的
2.<serviceCertificate findValue="MyCert" storeLocation="CurrentUser" storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="AFH.WCF.ServiceLibrary.MyUserNamePasswordValidator,AFH.WCF.ServiceLibrary" />
Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyCert'.
-----------------------------------------------------------------------------------------------------------
看你的客户端配置文件是否有对应的StoreName 'My'。重点检查你的客户端配置文件
http://www.cnblogs.com/liujiang/archive/2008/11/21/1338384.html
2.<serviceCertificate findValue="MyCert" storeLocation="CurrentUser" storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="AFH.WCF.ServiceLibrary.MyUserNamePasswordValidator,AFH.WCF.ServiceLibrary" />
Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'MyCert'.
-----------------------------------------------------------------------------------------------------------
看你的客户端配置文件是否有对应的StoreName 'My'。重点检查你的客户端配置文件
http://www.cnblogs.com/liujiang/archive/2008/11/21/1338384.html
daxiong105 2009-06-24
- 打赏
- 举报
[Quote=引用 2 楼 fdm031216 的回复:]
证书没有安装
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Co…
[/Quote]
我按照你的4步完成了,在控制台根节点下有证书(当前用户)和证书(本地计算机),现在在IIS里浏览还是同样的问题。
证书没有安装
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Co…
[/Quote]
我按照你的4步完成了,在控制台根节点下有证书(当前用户)和证书(本地计算机),现在在IIS里浏览还是同样的问题。
daxiong105 2009-06-24
- 打赏
- 举报
[Quote=引用 2 楼 fdm031216 的回复:]
证书没有安装
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Co…
[/Quote]
你的第二步里select My user account 和select Computer account请问如何操作??
证书没有安装
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Co…
[/Quote]
你的第二步里select My user account 和select Computer account请问如何操作??
daxiong105 2009-06-24
- 打赏
- 举报
我在IE选项->内容->证书->个人里先将证书“MyCert”导出为Cert.cer,然后在受信任的根证书颁发机构里导入Cert.cer,接着自动提示我是否安装证书,选择安装,最后提示导入成功!但是问题依旧存在,请问我的操作是否正确!Thanks!!
fdm031216 2009-06-24
- 打赏
- 举报
证书没有安装
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Computer account. Click Next and then Finish. Close the Add Standalone Snap-in dialog. Click OK on the Add/Remove Snap-in dialog.
3. Save the Certificates snap-in settings to a file. From the File menu select Save. Name the file certificates.msc.
4. To re-open this console repeat step #1 and open the certificates.msc file.
To view certificate stores on your local machine use the MMC snap-in tool.
1. From the Start menu select Run and type mmc.exe. Click OK to launch the MMC console.
2. From the File menu select Add/Remove Snap-in. Click Add from the dialog and select Certificates from the Add Standalone Snap-in dialog.
Click Add, select My user account and Finish. Click Add again and select Computer account. Click Next and then Finish. Close the Add Standalone Snap-in dialog. Click OK on the Add/Remove Snap-in dialog.
3. Save the Certificates snap-in settings to a file. From the File menu select Save. Name the file certificates.msc.
4. To re-open this console repeat step #1 and open the certificates.msc file.
guoyichao 2009-06-24
- 打赏
- 举报
制作了证书没有安装导致的,IE选项里有证书安装工具
