如何禁用服务器上的 DNS 身份检查
How to disable DNS Identity check on server
我有自托管 WCF 服务和几千个客户端安装。
新服务器证书具有不同的 DNS 名称(*.mydomain.com 而不是 mydomain.com),这就是 DNS Identity 停止工作的原因。有什么方法可以通过仅更改服务器端来取消证书验证 code/confg?
客户端
var binding = new NetTcpBinding
{
Security =
{
Mode = SecurityMode.Transport,
Transport = {ClientCredentialType = TcpClientCredentialType.None}
}
};
_proxyClientHost = new ChannelFactory<IMyClientApp>(binding,
new EndpointAddress(new Uri("myservice.mydomain.com"),
EndpointIdentity.CreateDnsIdentity("*.mydomain.com")));
服务器
_serviceHost = new ServiceHost(typeof(MyClientApp));
_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "Certificate ThmubPrint Value …");
_serviceHost.Open();
服务器配置:
服务板块:
<service behaviorConfiguration="serviceBehavior"
name="MyService ">
<endpoint
binding="netTcpBinding"
bindingConfiguration="netTcpSettings"
name="netTcpEP"
contract="MyContract" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://mycomuter:333" />
</baseAddresses>
</host>
</service>
行为:
<behavior name="serviceBehavior">
<serviceDebug includeExceptionDetailInFaults="True" httpHelpPageEnabled="false" />
<serviceThrottling maxConcurrentCalls="32" maxConcurrentSessions="30" maxConcurrentInstances="2147483647" />
</behavior>
绑定:
<binding name="netTcpSettings" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security>
<transport clientCredentialType="None">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Windows" algorithmSuite="TripleDesSha256" />
</security>
</binding>
您不能只停用服务器上的证书验证。因为客户端检查证书是否有效。很抱歉地告诉你。
如果您想关闭验证,您需要为客户端输入一些代码...如果您愿意,您可以询问如何在客户端上停用/配置验证器。这是一个简单的方法。
我有自托管 WCF 服务和几千个客户端安装。 新服务器证书具有不同的 DNS 名称(*.mydomain.com 而不是 mydomain.com),这就是 DNS Identity 停止工作的原因。有什么方法可以通过仅更改服务器端来取消证书验证 code/confg?
客户端
var binding = new NetTcpBinding
{
Security =
{
Mode = SecurityMode.Transport,
Transport = {ClientCredentialType = TcpClientCredentialType.None}
}
};
_proxyClientHost = new ChannelFactory<IMyClientApp>(binding,
new EndpointAddress(new Uri("myservice.mydomain.com"),
EndpointIdentity.CreateDnsIdentity("*.mydomain.com")));
服务器
_serviceHost = new ServiceHost(typeof(MyClientApp));
_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "Certificate ThmubPrint Value …");
_serviceHost.Open();
服务器配置:
服务板块:
<service behaviorConfiguration="serviceBehavior"
name="MyService ">
<endpoint
binding="netTcpBinding"
bindingConfiguration="netTcpSettings"
name="netTcpEP"
contract="MyContract" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://mycomuter:333" />
</baseAddresses>
</host>
</service>
行为:
<behavior name="serviceBehavior">
<serviceDebug includeExceptionDetailInFaults="True" httpHelpPageEnabled="false" />
<serviceThrottling maxConcurrentCalls="32" maxConcurrentSessions="30" maxConcurrentInstances="2147483647" />
</behavior>
绑定:
<binding name="netTcpSettings" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security>
<transport clientCredentialType="None">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Windows" algorithmSuite="TripleDesSha256" />
</security>
</binding>
您不能只停用服务器上的证书验证。因为客户端检查证书是否有效。很抱歉地告诉你。
如果您想关闭验证,您需要为客户端输入一些代码...如果您愿意,您可以询问如何在客户端上停用/配置验证器。这是一个简单的方法。