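// WCF client: calls ChargeService over net.tcp with transport security and a client certificate.
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Text;

namespace TTTT
{
    class Program
    {
        /// <summary>
        /// Opens a certificate-authenticated net.tcp channel to ChargeService, makes one
        /// GetDataUsingDataContract call and prints the returned string.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Transport security: the TCP stream is protected and the client presents a certificate.
            NetTcpBinding bind = new NetTcpBinding(SecurityMode.Transport);
            bind.MaxConnections = 1 << 16;
            bind.MaxReceivedMessageSize = 1024 * 1024;
            bind.MaxBufferSize = 1024 * 1024;
            bind.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
            bind.Security.Transport.ExtendedProtectionPolicy =
                new System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy(
                    System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always);

            // The DNS identity is the name the client expects the service certificate to carry.
            EndpointAddress endpointAddress = new System.ServiceModel.EndpointAddress(
                new Uri("net.tcp://localhost:56789/ChargeService"),
                EndpointIdentity.CreateDnsIdentity("SUPServer"));

            ServiceReference1.ChargeServiceClient csc =
                new ServiceReference1.ChargeServiceClient(bind, endpointAddress);

            // SECURITY: the key-file password is a literal in source and the key material is read
            // from Properties.Resources, so anyone holding the binary can recover the private key.
            // Prefer loading the certificate from the Windows certificate store.
            // NOTE(review): the resource is named SUPServer, the same name the server side loads as
            // its service certificate - if it is the same key pair, client and server share one
            // private key; issue a separate client certificate. Confirm.
            csc.ClientCredentials.ClientCertificate.Certificate =
                new System.Security.Cryptography.X509Certificates.X509Certificate2(
                    Properties.Resources.SUPServer, "xxlonline");

            // Left disabled by the author. Do not enable this line outside a throwaway test:
            // validation mode None accepts any service certificate.
            //csc.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

            // SECURITY: NoCheck skips revocation checking, so a revoked certificate is still accepted.
            csc.ClientCredentials.Peer.PeerAuthentication.RevocationMode =
                System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            csc.ClientCredentials.ServiceCertificate.Authentication.RevocationMode =
                System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;

            // Left disabled by the author, so SUPCertificateValidator below is never used here and
            // the service certificate is checked with the default validation mode instead of the
            // thumbprint pin.
            //csc.ClientCredentials.ServiceCertificate.Authentication.CustomCertificateValidator = new SUPCertificateValidator();

            try
            {
                csc.Open();
                if (csc.State == CommunicationState.Opened)
                {
                    var par = new ServiceReference1.CompositeType();
                    par.BoolValue = true;
                    par.StringValue = "唉";
                    var re = csc.GetDataUsingDataContract(par);
                    Console.Write(re.StringValue);
                }

                // Close the channel gracefully; the original never released it.
                csc.Close();
            }
            catch
            {
                // Abort rather than Close: the proxy is never left open on failure.
                csc.Abort();
                throw;
            }
        }

        /// <summary>
        /// Certificate validation: accepts only the certificate whose thumbprint matches the
        /// pinned value.
        /// </summary>
        /// <remarks>
        /// Only the thumbprint is compared; the validity period and chain are not checked here.
        /// </remarks>
        public class SUPCertificateValidator : System.IdentityModel.Selectors.X509CertificateValidator
        {
            /// <summary>Rejects every certificate except the pinned one.</summary>
            /// <param name="certificate">Certificate presented by the remote party.</param>
            /// <exception cref="ArgumentNullException">No certificate was supplied.</exception>
            /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
            /// The thumbprint does not match the pinned value.
            /// </exception>
            public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
            {
                if (certificate == null)
                {
                    throw new ArgumentNullException("certificate");
                }

                // Hex thumbprints are case-insensitive; ignore case so a pin pasted in lower case
                // does not silently reject the right certificate.
                if (!string.Equals(certificate.Thumbprint, "7CB7D4243FA03CB6264B742CB0B63557C0A7AD2A", StringComparison.OrdinalIgnoreCase))
                {
                    throw new System.IdentityModel.Tokens.SecurityTokenException("证书验证失败!");
                }
            }
        }
    }
}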
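// Server side: self-hosted WCF service on net.tcp that requires a pinned client certificate.
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        /// <summary>
        /// Hosts WcfServiceLibrary.Service1 at net.tcp://localhost:56789/ChargeService with
        /// transport security and certificate client authentication, then waits for console input.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            using (ServiceHost m_Host = new ServiceHost(typeof(WcfServiceLibrary.Service1), new Uri("net.tcp://localhost:56789")))
            {
                // The unsecured variant was left commented out by the author; keep it that way.
                //var binding = new NetTcpBinding(SecurityMode.None);
                var binding = new NetTcpBinding(SecurityMode.Transport);
                binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
                binding.Security.Transport.ExtendedProtectionPolicy =
                    new System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy(
                        System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always);
                binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

                // Metadata publishing.
                ServiceMetadataBehavior m_ServiceMetadataBehavior = new ServiceMetadataBehavior();
                m_ServiceMetadataBehavior.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
                m_Host.Description.Behaviors.Add(m_ServiceMetadataBehavior);

                // SECURITY: every throttle is set to int.MaxValue, which effectively turns
                // throttling off; a peer that opens many sessions can exhaust the host. Size these
                // to the expected load before exposing the port beyond localhost.
                ServiceThrottlingBehavior m_ServiceThrottlingBehavior = new ServiceThrottlingBehavior();
                m_ServiceThrottlingBehavior.MaxConcurrentCalls = int.MaxValue;
                m_ServiceThrottlingBehavior.MaxConcurrentInstances = int.MaxValue;
                m_ServiceThrottlingBehavior.MaxConcurrentSessions = int.MaxValue;
                m_Host.Description.Behaviors.Add(m_ServiceThrottlingBehavior);

                // Look the debug behavior up without assuming it is present (the original
                // dereferenced an unchecked 'as' cast).
                ServiceDebugBehavior debugBehavior = m_Host.Description.Behaviors.Find<ServiceDebugBehavior>();
                if (debugBehavior == null)
                {
                    debugBehavior = new ServiceDebugBehavior();
                    m_Host.Description.Behaviors.Add(debugBehavior);
                }

                // SECURITY: exception details in faults hand stack traces and internal type names
                // to remote callers, so they are sent in debug builds only.
#if DEBUG
                debugBehavior.IncludeExceptionDetailInFaults = true;
#else
                debugBehavior.IncludeExceptionDetailInFaults = false;
#endif

                // SECURITY: the key-file password is a literal in source and the key material is
                // read from Properties.Resources, so the service private key can be recovered from
                // the binary. Prefer loading the certificate from the Windows certificate store.
                ServiceCredentials m_ServiceCredentials = new ServiceCredentials();
                m_ServiceCredentials.ServiceCertificate.Certificate =
                    new System.Security.Cryptography.X509Certificates.X509Certificate2(
                        Properties.Resources.SUPServer, "sssssss");

                // Custom mode hands the accept/reject decision to SUPCertificateValidator.
                m_ServiceCredentials.ClientCertificate.Authentication.CertificateValidationMode =
                    System.ServiceModel.Security.X509CertificateValidationMode.Custom;
                m_ServiceCredentials.ClientCertificate.Authentication.CustomCertificateValidator =
                    new SUPCertificateValidator();

                // SECURITY: NoCheck skips revocation checking; with a thumbprint pin, withdrawing
                // a compromised client certificate then means changing the pin and redeploying.
                m_ServiceCredentials.ClientCertificate.Authentication.RevocationMode =
                    System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
                m_Host.Description.Behaviors.Add(m_ServiceCredentials);

                m_Host.AddServiceEndpoint(typeof(WcfServiceLibrary.IService1), binding, "ChargeService");

                // SECURITY: the MEX endpoint uses its own binding, not the certificate-protected
                // one above, so the service contract is readable by anyone who can reach the port.
                // Drop this endpoint once client proxies have been generated.
                m_Host.AddServiceEndpoint(
                    ServiceMetadataBehavior.MexContractName,
                    MetadataExchangeBindings.CreateMexTcpBinding(),
                    "ChargeService/Mex");

                m_Host.Opened += delegate
                {
                    Console.WriteLine("CalculaorService已经启动,按任意键终止服务!");
                };
                m_Host.Open();

                // Keep the host alive until the operator presses a key.
                Console.Read();
            }
        }
    }

    /// <summary>
    /// Client-certificate validator: accepts only the certificate whose thumbprint matches the
    /// pinned value.
    /// </summary>
    /// <remarks>
    /// Only the thumbprint is compared; the validity period and chain are not checked here.
    /// </remarks>
    public class SUPCertificateValidator : System.IdentityModel.Selectors.X509CertificateValidator
    {
        /// <summary>Rejects every certificate except the pinned one.</summary>
        /// <param name="certificate">Certificate presented by the connecting client.</param>
        /// <exception cref="ArgumentNullException">No certificate was supplied.</exception>
        /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
        /// The thumbprint does not match the pinned value.
        /// </exception>
        public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            // The literal below is the redacted placeholder from the published listing; replace it
            // with the real client certificate thumbprint. Case is ignored because hex thumbprints
            // are case-insensitive.
            if (!string.Equals(certificate.Thumbprint, "3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", StringComparison.OrdinalIgnoreCase))
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("证书验证失败!");
            }
        }
    }
}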
客户端
简单WCF加密