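The previous post used a certificate to encrypt data. Verifying the client's identity takes only 2 more steps.
Step 1: Write a certificate validator class
Without a certificate validator class, X.509 only encrypts the data: a client can create any certificate of its own and call the WCF service.
You need to implement X509CertificateValidator: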
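    using System;
    using System.IdentityModel.Selectors;
    using System.IdentityModel.Tokens;
    using System.Security.Cryptography.X509Certificates;

    namespace WcfCertificate
    {
        public class CustomX509CertificateValidator : X509CertificateValidator
        {
            /// <summary>
            /// Validates the client certificate; the Thumbprint can be used to accept exactly one certificate.
            /// </summary>
            /// <param name="certificate">Certificate presented by the client</param>
            public override void Validate(X509Certificate2 certificate)
            {
                if (certificate == null)
                    throw new ArgumentNullException("certificate");
                // Show which certificate the client presented
                Console.WriteLine(certificate.Subject);
                Console.WriteLine(certificate.Thumbprint);
                // Reject every certificate except the one with the expected thumbprint
                if (!string.Equals(certificate.Thumbprint, "463FF0446589240040F3847C29DC71C9F113E304", StringComparison.OrdinalIgnoreCase))
                    throw new SecurityTokenException("Certificate Validation Error!");
            }
        }
    }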
Using X509CertificateValidator requires a reference to System.IdentityModel.dll.
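Step 2: Modify the validation configuration
Previously the validation mode was None; change it to Custom and set customCertificateValidatorType="your custom validator class":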
    <clientCertificate>
      <authentication certificateValidationMode="Custom"
                      customCertificateValidatorType="WcfCertificate.CustomX509CertificateValidator,WcfCertificate"/>
    </clientCertificate>
OK, the client side does not need to be modified.
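An added example, not code from the original post: the step 1 validator generalised to an allow-list of thumbprints, with a validity-period check that thumbprint comparison alone does not perform. The class name AllowListX509CertificateValidator and the appSettings key AllowedClientThumbprints are assumptions; the project needs references to System.IdentityModel and System.Configuration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

namespace WcfCertificate
{
    // Added example. "AllowedClientThumbprints" is a hypothetical appSettings
    // key holding comma-separated SHA-1 thumbprints of accepted client certificates.
    public class AllowListX509CertificateValidator : X509CertificateValidator
    {
        private readonly HashSet<string> allowed;

        // WCF creates the validator through its public parameterless constructor.
        public AllowListX509CertificateValidator()
        {
            string raw = ConfigurationManager.AppSettings["AllowedClientThumbprints"] ?? "";
            // Entries that are not 40 hex digits are dropped; an empty list rejects everyone.
            allowed = new HashSet<string>(
                raw.Split(',').Select(Normalize).Where(t => t.Length == 40),
                StringComparer.OrdinalIgnoreCase);
        }

        // Keep hex digits only: thumbprints pasted from the certificate dialog
        // often carry spaces or an invisible leading mark that breaks comparison.
        private static string Normalize(string thumbprint)
        {
            return new string(thumbprint.Where(Uri.IsHexDigit).ToArray());
        }

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // A matching thumbprint says nothing about expiry, so check it explicitly.
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException("Client certificate is outside its validity period.");

            if (!allowed.Contains(certificate.Thumbprint))
                throw new SecurityTokenValidationException("Client certificate is not on the allow-list.");
        }
    }
}
```

To use it, point customCertificateValidatorType at WcfCertificate.AllowListX509CertificateValidator,WcfCertificate and list the accepted thumbprints under the assumed appSettings key.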