一:创建证书
使用 VS 自带的 makecert 命令创建测试证书(makecert 已被微软弃用,-a sha1 使用的 SHA-1 签名算法也已不再安全,该证书仅适合本机开发测试)
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=TestServer -sky exchange -pe
二:wcf服务
由于 Silverlight 支持的绑定类型有限,所以这里使用 basicHttpBinding
主要是配置文件
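<?xml version="1.0" encoding="utf-8"?>
<!--
  web.config for the WCF service: basicHttpBinding over HTTPS, with the caller
  authenticated by a user name and password carried in the SOAP message.
-->
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <!-- debug="true" is a development setting; set it to false before deployment. -->
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mybehavior">
          <!-- Publishes the service metadata over HTTPS GET. Turn it off in
               production when clients no longer need to generate proxies. -->
          <serviceMetadata httpsGetEnabled="true" />
          <!-- Keep false so exception details are not returned to callers. -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <clientCertificate>
              <!-- None switches off validation of client certificates. The binding
                   below authenticates callers by UserName, not by certificate; do
                   not reuse this behavior with a certificate client credential. -->
              <authentication certificateValidationMode="None"/>
            </clientCertificate>
            <!-- User name and password are checked by the custom validator class
                 WcfCertificate.Validator in assembly WcfCertificate. -->
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfCertificate.Validator,WcfCertificate" />
            <!-- findValue is the CN of the makecert test certificate. FindBySubjectName
                 is a substring match; prefer FindByThumbprint when more than one
                 certificate in the store could match. -->
            <serviceCertificate storeLocation="LocalMachine" storeName="My" findValue="TestServer" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <!-- Specify how clients are authenticated. -->
    <bindings>
      <basicHttpBinding>
        <binding name="myhttpbind">
          <!-- HTTPS protects the transport; the credential travels in the message. -->
          <security mode="TransportWithMessageCredential">
            <!-- NOTE(review): in this mode the caller is authenticated by the message
                 credential below; this transport setting is presumably unused, confirm. -->
            <transport clientCredentialType="Windows"/>
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="WcfCertificate.Service1" behaviorConfiguration="mybehavior">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="myhttpbind" contract="WcfCertificate.IService1">
          <identity>
            <dns value="TestServer" />
          </identity>
        </endpoint>
        <!-- Metadata exchange endpoint. NOTE(review): mexHttpBinding serves metadata
             over plain HTTP while the service endpoint is HTTPS; confirm this is
             intended, and remove the endpoint in production if it is not needed. -->
        <endpoint address="MEX" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <protocolMapping>
      <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
      Directory browsing is off so the web application's folder contents are not
      disclosed. Set it to true only while debugging locally, when you need to
      browse the application root, and set it back to false before deployment.
    -->
    <directoryBrowse enabled="false"/>
  </system.webServer>
</configuration>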
三:增加一个自定义验证类
它要继承System.IdentityModel.Selector.UserNamePasswordValidator基类
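/// <summary>
/// Custom user name / password validator for the WCF service. It is the type
/// named by customUserNamePasswordValidatorType in the service's web.config.
/// </summary>
public class Validator : UserNamePasswordValidator
{
    /// <summary>
    /// Accepts the credential pair or throws to reject the caller.
    /// </summary>
    /// <param name="userName">User name taken from the message credential.</param>
    /// <param name="password">Password taken from the message credential.</param>
    /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
    /// Thrown when the user name or the password does not match (a null value
    /// never matches).
    /// </exception>
    public override void Validate(string userName, string password)
    {
        // SECURITY: demo only. The accepted pair is hard-coded here and is the same
        // pair the sample client embeds. A real service should look the user up in
        // a credential store that keeps salted password hashes, and compare the
        // hashes in constant time.
        bool accepted = string.Equals(userName, "sa") && string.Equals(password, "1234");

        if (!accepted)
        {
            // SecurityTokenException is the type the WCF validator samples use for a
            // failed credential check; it still derives from Exception, so existing
            // catch blocks keep working.
            throw new System.IdentityModel.Tokens.SecurityTokenException("Access Denied");
        }
    }
}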
四:创建 Silverlight 客户端调用
配置文件在添加服务引用后会自动生成
<!-- Silverlight client configuration, generated when the service reference is added. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <!-- Both quotas are set to 2147483647, the largest 32-bit signed value.
             NOTE(review): lower them if the service only returns small messages. -->
        <binding
            name="BasicHttpBinding_IService1"
            maxBufferSize="2147483647"
            maxReceivedMessageSize="2147483647">
          <!-- Same security mode as the service binding: HTTPS transport with the
               credential carried in the message. -->
          <security mode="TransportWithMessageCredential" />
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <!-- The service is addressed over https. -->
      <endpoint
          address="https://localhost/Service1.svc"
          binding="basicHttpBinding"
          bindingConfiguration="BasicHttpBinding_IService1"
          contract="ServiceReference1.IService1"
          name="BasicHttpBinding_IService1" />
    </client>
  </system.serviceModel>
</configuration>
调用
要注意用户名和密码必须与服务器端一致,否则调用会返回 NotFound 错误
/// <summary>
/// Click handler: creates the generated service proxy, attaches the UserName
/// credential and starts the asynchronous GetData call.
/// </summary>
private void Hello_Click(object sender, RoutedEventArgs e)
{
    var client = new ServiceReference1.Service1Client();

    // Demo only: the credential is hard-coded in client code that is shipped to
    // every user. A real application should ask the user for it at run time.
    // If the user name or password is wrong, the call comes back as NotFound.
    client.ClientCredentials.UserName.UserName = "sa";
    client.ClientCredentials.UserName.Password = "1234";

    client.GetDataCompleted += sc_GetDataCompleted;

    // Shown before the call is even started, so it does not confirm that the
    // service accepted the request.
    MessageBox.Show("hello successful");
    client.GetDataAsync(22);
}
注意:
1:跨域的问题
需要在承载服务的域的根目录中放置一个 clientaccesspolicy.xml 文件
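<?xml version="1.0" encoding="utf-8" ?>
<!--
  Silverlight cross-domain policy, placed in the root of the domain that hosts
  the service.
-->
<access-policy>
  <cross-domain-access>
    <policy>
      <!-- Only the SOAPAction request header is allowed instead of "*"; add
           further header names here only if the client really sends them. -->
      <allow-from http-request-headers="SOAPAction">
        <!-- http://* lets a Silverlight application served from any HTTP site call
             this HTTPS service. For deployment, list the actual host(s) of the
             client application instead of the wildcard. -->
        <domain uri="http://*"/>
      </allow-from>
      <grant-to>
        <!-- Grants access to the whole site. NOTE(review): narrow the path to the
             service address if nothing else needs cross-domain access. -->
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>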
跨域安全问题
http://hi.baidu.com/yandavid/item/06160508d060a218eafe3806
这里要注意的是加入了 <domain uri="http://*"/> 的配置:这是因为客户端是 http 的程序,而 WCF 服务是 https 的,若要允许某个 HTTP 应用程序访问 HTTPS 服务,就需要把 <domain uri="http://*"/> 元素放入 <allow-from> 元素中。注意通配符 http://* 会允许任意 HTTP 站点上的 Silverlight 程序调用该服务,正式部署时应改为客户端程序实际所在的域名。
Thanks to http://blog.csdn.net/samon1688/article/details/4503842