.NET Core ChannelFactory - 将 X509Certificate2 设置为客户端证书
.NET Core ChannelFactory - Set a X509Certificate2 as Client Certificate
我需要将客户端证书(例如,不是来自 windows 证书存储)设置到我的 wcf 通道,但我总是得到异常:
System.InvalidOperationException: "Object is read-only."
这很奇怪,因为这些属性有一个 setter 但是如果我分配一个 X509Certificate2 就会崩溃。
堆栈跟踪
System.InvalidOperationException
HResult=0x80131509
Nachricht = Object is read-only.
Quelle = System.Private.ServiceModel
Stapelüberwachung:
at System.ServiceModel.Security.X509CertificateRecipientClientCredential.ThrowIfImmutable()
at System.ServiceModel.Security.X509CertificateRecipientClientCredential.set_DefaultCertificate(X509Certificate2 value)
代码
var binding = new BasicHttpsBinding();
var endpoint = new EndpointAddress(new Uri("https://myservice.com"));
var channelFactory = new ChannelFactory<MyService>(binding, endpoint);
var serviceClient = channelFactory.CreateChannel();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var token = GetToken(); // Just an method that reads a pfx from disk
channelFactory.Credentials.
ServiceCertificate.DefaultCertificate = token.Certificate; // throws exception
channelFactory.Credentials.
ClientCertificate.Certificate = token.Certificate; // throws exception too
更新 1
方法 SetCertificate 抛出相同的 System.InvalidOperationException: "Object is read-only." 异常。
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
var x509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, token.Certificate.Thumbprint, false);
if(x509Certificate2Collection.Count == 0)
store.Add(token.Certificate);
}
channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My,X509FindType.FindByThumbprint, token.Certificate.Thumbprint);
更新 2
X509CertificateRecipientClientCredential.cs 的实现很有趣。
public X509Certificate2 DefaultCertificate
{
get
{
return _defaultCertificate;
}
set
{
ThrowIfImmutable();
_defaultCertificate = value;
}
}
internal void MakeReadOnly()
{
_isReadOnly = true;
this.Authentication.MakeReadOnly();
if (_sslCertificateAuthentication != null)
{
_sslCertificateAuthentication.MakeReadOnly();
}
}
private void ThrowIfImmutable()
{
if (_isReadOnly)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ObjectIsReadOnly)));
}
}
有什么东西在呼唤internal void MakeReadOnly(),让我的生活更加艰难。
在阅读 github 上的 ClientCredentials.cs 时,我找到了方法 MakeReadOnly()。
channelFactory.CreateChannel() 的调用生成了 ClientCertificate 实例 read-only,因此在更改语句顺序后它起作用了!
使用 WCF 的工作客户端证书身份验证:
var binding = new BasicHttpsBinding();
var endpoint = new EndpointAddress(new Uri("https://myservice.com"));
var channelFactory = new ChannelFactory<MyService>(binding, endpoint);
// Must set before CreateChannel()
channelFactory.Credentials.
ClientCertificate.Certificate = token.Certificate;
var serviceClient = channelFactory.CreateChannel();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
我需要将客户端证书(例如,不是来自 windows 证书存储)设置到我的 wcf 通道,但我总是得到异常:
System.InvalidOperationException: "Object is read-only."
这很奇怪,因为这些属性有一个 setter 但是如果我分配一个 X509Certificate2 就会崩溃。
堆栈跟踪
System.InvalidOperationException
HResult=0x80131509
Nachricht = Object is read-only.
Quelle = System.Private.ServiceModel
Stapelüberwachung:
at System.ServiceModel.Security.X509CertificateRecipientClientCredential.ThrowIfImmutable()
at System.ServiceModel.Security.X509CertificateRecipientClientCredential.set_DefaultCertificate(X509Certificate2 value)
代码
var binding = new BasicHttpsBinding();
var endpoint = new EndpointAddress(new Uri("https://myservice.com"));
var channelFactory = new ChannelFactory<MyService>(binding, endpoint);
var serviceClient = channelFactory.CreateChannel();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var token = GetToken(); // Just an method that reads a pfx from disk
channelFactory.Credentials.
ServiceCertificate.DefaultCertificate = token.Certificate; // throws exception
channelFactory.Credentials.
ClientCertificate.Certificate = token.Certificate; // throws exception too
更新 1
方法 SetCertificate 抛出相同的 System.InvalidOperationException: "Object is read-only." 异常。
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
var x509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, token.Certificate.Thumbprint, false);
if(x509Certificate2Collection.Count == 0)
store.Add(token.Certificate);
}
channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My,X509FindType.FindByThumbprint, token.Certificate.Thumbprint);
更新 2
X509CertificateRecipientClientCredential.cs 的实现很有趣。
public X509Certificate2 DefaultCertificate
{
get
{
return _defaultCertificate;
}
set
{
ThrowIfImmutable();
_defaultCertificate = value;
}
}
internal void MakeReadOnly()
{
_isReadOnly = true;
this.Authentication.MakeReadOnly();
if (_sslCertificateAuthentication != null)
{
_sslCertificateAuthentication.MakeReadOnly();
}
}
private void ThrowIfImmutable()
{
if (_isReadOnly)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.ObjectIsReadOnly)));
}
}
有什么东西在呼唤internal void MakeReadOnly(),让我的生活更加艰难。
在阅读 github 上的 ClientCredentials.cs 时,我找到了方法 MakeReadOnly()。
channelFactory.CreateChannel() 的调用生成了 ClientCertificate 实例 read-only,因此在更改语句顺序后它起作用了!
使用 WCF 的工作客户端证书身份验证:
var binding = new BasicHttpsBinding();
var endpoint = new EndpointAddress(new Uri("https://myservice.com"));
var channelFactory = new ChannelFactory<MyService>(binding, endpoint);
// Must set before CreateChannel()
channelFactory.Credentials.
ClientCertificate.Certificate = token.Certificate;
var serviceClient = channelFactory.CreateChannel();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;