WCF X.509证书验证
创建证书:
REM Self-signed test certificate CN=WCfServer in the current user's Personal (My) store; -pe marks the private key exportable
REM NOTE(review): -a sha1 yields a SHA-1 signed certificate; prefer -a sha256 for new certificates
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCfServer -sky exchange -pe
1.服务器端:
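<!-- Service-side WCF configuration: wsHttpBinding with message security and client certificate authentication -->
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- maxReceivedMessageSize / maxArrayLength of 1073741824 (1 GiB) allow any caller to send 1 GiB messages; size them to the real payload to limit resource exhaustion -->
<binding name="MtomBindingConfiguration" messageEncoding="Mtom" maxReceivedMessageSize="1073741824" receiveTimeout="00:10:00">
<!--<security mode="Transport">-->
<!--<transport clientCredentialType="Certificate"></transport>-->
<!-- mode omitted: wsHttpBinding defaults to Message security, matching the client's security mode="Message" -->
<security >
<message clientCredentialType="Certificate"/>
</security>
<readerQuotas maxArrayLength="1073741824" />
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service behaviorConfiguration="Service.WebServiceBehavior" name="Service.WebService">
<endpoint address="" binding="wsHttpBinding" contract="IService.IWebService" bindingConfiguration="MtomBindingConfiguration" >
<!--<endpoint address="http://localhost:2397/WebService.svc" binding="wsHttpBinding" contract="IService.IWebService" bindingConfiguration="MtomBindingConfiguration" >-->
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Service.WebServiceBehavior">
<!-- publishes the WSDL over plain HTTP GET; intended for development, disable in production -->
<serviceMetadata httpGetEnabled="true" />
<!-- returns server exception details (stack traces) to callers; set to false in production -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<!-- PeerTrust accepts only client certificates present in the TrustedPeople store (see the certmgr step at the end of this page) -->
<authentication certificateValidationMode="PeerTrust"/>
<!--<authentication customCertificateValidatorType="WebServiceHost.X509Validation,WebServiceHost" certificateValidationMode="Custom"/>-->
</clientCertificate>
<!-- NOTE(review): the makecert commands on this page create CN=WCfServer and CN=Webabcd; confirm this subject name matches the certificate actually installed -->
<serviceCertificate findValue="dlrfidWebServiceServer" storeName="My" storeLocation="CurrentUser" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>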
2.客户端:
<!-- Client-side WCF configuration matching the service binding above -->
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- client quotas (maxReceivedMessageSize 65536, maxArrayLength 16384) are far below the server's 1 GiB; responses exceeding them are rejected on the client -->
<binding name="WSHttpBinding_IWebService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<!-- mode="Message": only the message element applies; the transport element below is not used in this mode -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:2397/WebService.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IWebService" contract="WebService.IWebService"
name="WSHttpBinding_IWebService" behaviorConfiguration="CustomBehavior">
<!-- pins the expected service certificate (base64 encoded); the service's certificate is checked against this identity -->
<identity>
<certificate encodedValue="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" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<!-- NOTE(review): the client authenticates with the same subject name the server config uses for its serviceCertificate; a real client should present its own certificate -->
<clientCertificate findValue="dlrfidWebServiceServer" storeName="My" storeLocation="CurrentUser" x509FindType="FindBySubjectName" />
<serviceCertificate>
<!-- PeerTrust: the service certificate must be present in the client's TrustedPeople store -->
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
REM Second test certificate CN=Webabcd in the local machine's Personal (My) store; -pe marks the private key exportable
REM NOTE(review): the configs above look up findValue="dlrfidWebServiceServer"; confirm the subject name matches what is installed. -a sha1 yields a SHA-1 signed certificate; prefer -a sha256
makecert -sr LocalMachine -ss My -a sha1 -n CN=Webabcd -sky exchange -pe
REM Copies the certificate into TrustedPeople, the store consulted by certificateValidationMode="PeerTrust"
certmgr -add -r LocalMachine -s My -c -n Webabcd -s TrustedPeople