问题描述
我在IIS上有一个WCF SOAP服务,该服务使用basicHttpBinding并且配置为需要客户端证书:
<basicHttpBinding>
<binding>
<readerQuotas/>
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
我必须从.Net Core 3.1应用程序调用该服务。这是我所拥有的:
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
ChannelFactory<PaymentRequestService> factory = new ChannelFactory<PaymentRequestService>(binding,new EndpointAddress(new Uri(_apiOptions.Value.PaymentRequestServiceEndpoint)));
factory.Credentials.ClientCertificate.Certificate = GetClientCertificate(certBase64,certPass); // X509Certificate2
PaymentRequestService client = factory.CreateChannel();
var rx = client.SavePaymentRequestAsync(myRequest);
当我在调试中检查出厂时,我看到那里存在客户端证书证书(SHA256),但是看来客户端证书没有到达Web服务,因为我一直在获取客户端禁止HTTP请求身份验证方案“匿名”
如果我使用BasicHttpSecurityMode.TransportWithMessageCredential或使用factory.Credentials.ClientCertificate.SetCertificate()设置证书都没有区别
有什么想法吗?
解决方法
原来从 Windows Server 2012 开始,您需要在 HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL 中设置 SendTrustedIssuerList 和 ClientAuthTrustMode 注册表设置