WCF Certificate Configuration with ASP.NET
Briefly, here's the scenario. I have an ASP.NET application using forms authentication and a custom membership provider. I've created a WCF client and an ASP.NET ServiceHost using ServiceHostFactory. Everything works perfectly so far, but to deploy this in the real world, I will need to have it secured. I cannot seem to find out how to set the certificate for the service. I want to use the certificate already associated with the ASP.NET application that is hosting my service.
How do I set the certificate in a way that will automatically set the certificate to the hosting web app's certificate without having to manually identify the certificate? It would be a real PITA if the user has to install the WCF assemblies and make changes to the configuration file and have to know something about what certificate is installed.
Here's what I mustered up so far, but haven't been able to get it to work and it isn't configurable during installation without recompilation.
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerDistinguishedName, "mycertificate");
Is there an ASP.NET API that would return the certificate associated with the hosting app that I can pass to SetCertificate? Also, how do I handle the situation where no certificate is installed, but I still want WCF to connect, albeit insecurely?
This depends on whether you want to use Transport or Message level security. If you just want your web services to work over https like any other web page, then in your WCF configuration, you do not need to specify the certificate, you simply enable transport security, like:
<basicHttpBinding>
  <binding name="basicHttpsSecured" sendTimeout="00:02:00">
    <security mode="Transport">
      <transport clientCredentialType="None" />
    </security>
  </binding>
</basicHttpBinding>
Then in IIS, you set the SSL certificate on the web site just like you would have for any other ASP.NET site. If you were not hosting this through IIS, but were instead making it a self-hosted windows service or something, then you would have to set the certificate in your configuration, but when hosting in IIS, you can let IIS do the work.
If instead you want to do message level security, which means that you are transporting over non-secure regular http, but your message contents are encrypted, then you would set
<security mode="Message">
on the binding, and specify the certificate to use to encrypt the message. However it sounds like you are talking about using ssl / https for your web service.
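An added example, not part of the original answer or the asker's code: a ServiceHostFactory that picks Transport security when IIS hands it an https base address, so the site's own certificate is used without any SetCertificate call. The names IMyService, MyService, HttpsAwareServiceHostFactory and AllowInsecureFallback are hypothetical, and the example assumes plain HTTP should be refused unless the deployer explicitly opts in.

```csharp
using System;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Activation;

// Hypothetical contract and service, defined only so the example compiles.
[ServiceContract]
public interface IMyService
{
    [OperationContract]
    string Ping();
}

public class MyService : IMyService
{
    public string Ping() { return "pong"; }
}

public class HttpsAwareServiceHostFactory : ServiceHostFactory
{
    // Assumption: plain HTTP is refused unless the deployer opts in here.
    public static bool AllowInsecureFallback = false;

    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        var host = new ServiceHost(serviceType, baseAddresses);
        bool hasHttps = baseAddresses.Any(a => a.Scheme == Uri.UriSchemeHttps);

        if (!hasHttps && !AllowInsecureFallback)
            throw new InvalidOperationException(
                "No HTTPS binding on the hosting site; refusing to expose the service over plain HTTP.");

        // Transport mode relies on the certificate bound to the site in IIS,
        // so no certificate lookup is needed in code.
        var mode = hasHttps ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None;
        var binding = new BasicHttpBinding(mode) { SendTimeout = TimeSpan.FromMinutes(2) };
        if (hasHttps)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        // The empty relative address resolves against the base address whose
        // scheme matches the binding (https for Transport, http for None).
        host.AddServiceEndpoint(typeof(IMyService), binding, string.Empty);
        return host;
    }
}
```

With the fallback enabled and no https binding on the site, forms-authentication credentials and message contents travel in clear text, which is why the flag defaults to off.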