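I'm getting the following error:
System.IdentityModel.Tokens.SecurityTokenValidationException
The X.509 certificate CN=RootCA chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted.
The certificate I'm using is the one you can create by following this tutorial: How to: Create Temporary Certificates for Use During Development, specifically the "RootCA" certificate. I really don't know how to solve it. Things I have already tried:
- Setting certificateValidationMode to "None" and revocationMode to "NoCheck"
- Creating a certificate that has the one I'm using now as its "parent" and trying to use that (as in the example at the previous link)
- Importing the certificate into the Trusted People and Entrusted Root folders
- Setting storeName to "TrustedPeople" in the "serviceCertificate" node and trustedStoreLocation to "LocalMachine" in the "authentication" node (along with point 3)
- Using CurrentUser as the storeLocation
My current code is (I need to hide my file names for privacy):
Client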
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:51845/XXXXX.svc" behaviorConfiguration="BCertificado"
binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
contract="XXXXXF1Service.IXXXXXF1Service" name="basicHttpEndpoint">
<identity>
<certificate encodedValue="Huge string" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="BCertificado">
<clientCredentials>
<clientCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Server
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="service1">
<endpoint address="XXXXXServices" binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding"
name="basicHttpEndpoint" contract="IXXXXF1Service" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine"/>
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
</protocolMapping>
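Any other advice related to these files is also appreciated, because honestly I don't know what I'm doing. Thank you very much.
Reply from a uj5u.com user:
Try adding an endpoint behavior in your client application and set the behavior configuration you added on the endpoint.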
<behaviors>
<endpointBehaviors>
<behavior name="BCertificado">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
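Added example (not part of the original question or reply): a small Python audit that flags the settings in these configs that switch off certificate validation or expose debug detail, so a development config can be checked before deployment. The sample XML is constructed by combining the two server behaviors from the question under one root element; `audit_wcf_config`, `RULES` and `SAMPLE_CONFIG` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the server behaviors from the question, merged and
# wrapped in a single root element so they parse as one document.
SAMPLE_CONFIG = """
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials>
          <serviceCertificate findValue="RootCA" x509FindType="FindBySubjectName" storeLocation="LocalMachine"/>
          <clientCertificate>
            <authentication certificateValidationMode="None" revocationMode="NoCheck"/>
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
"""

# (element, attribute, flagged value in lower case, reason)
RULES = [
    ("authentication", "certificateValidationMode", "none", "peer certificate is accepted without chain or trust validation"),
    ("authentication", "revocationMode", "nocheck", "revoked certificates are not detected"),
    ("serviceDebug", "includeExceptionDetailInFaults", "true", "exception details are returned to callers"),
    ("serviceMetadata", "httpGetEnabled", "true", "service metadata is published over plain HTTP"),
]

def audit_wcf_config(xml_text):
    """Return a list of (path, attribute, value, reason) findings in document order."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        for tag, attr, bad, reason in RULES:
            value = elem.get(attr)
            if elem.tag == tag and value is not None and value.strip().lower() == bad:
                # Include the parent: <authentication> sits under <clientCertificate> on the
                # service and under <serviceCertificate> on the client.
                parent = parents.get(elem)
                path = f"{parent.tag}/{elem.tag}" if parent is not None else elem.tag
                findings.append((path, attr, value, reason))
    return findings

if __name__ == "__main__":
    for path, attr, value, reason in audit_wcf_config(SAMPLE_CONFIG):
        print(f'{path} {attr}="{value}": {reason}')
```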