Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
548 views
in Technique[技术] by (71.8m points)

ssl - Certificate on a WCF service that does not use IIS

I have a WCF application that normally runs in IIS (for my testing and production environments). But when I run it from my debugger it is setup to run self hosted (that is, a console window pops up and IIS is NOT used).

I also have a client application that I connect to the WCF application. Normally when I am testing my client application (that runs on Windows Mobile) it is setup to connect to one of my testing environments (I have a development environment for me to test in).

The problem I am having now is that there seems to be a disconnect between what the client is sending and what the WCF application is getting. I need to debug my WCF application.

I can run my WCF application and then change the URL of my client to point the debugger version, but my services run with SSL and have a certificate that the client is hardcoded to expect.

I would rather not disable that part of my code (on the client). Is there a way to install the certificate on my self-hosted WCF application?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I just want to add some helpful information on how to programatically install an SSL certificate for a self-hosted WCF service. This does not cover how to get the WCF application to use the SSL certificate, since that is well-documented elsewhere on the web.

This is intended to be run at setup time by an administrator, and not by the actual application itself, which in this example, runs under the limited Network Service account.

You can then use those code samples to install and configure the certificate:

if (!IsAdministrator())
{
   Console.WriteLine("Must run "+
                "as a user with local Administrator privileges.");
   Environment.Exit(-1);
}

//Open the cert.
X509Certificate2 certificate = new X509Certificate2(certFilePath);

//Add it to the local store
X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadWrite);
certStore.Add(certificate);
certStore.Close();

//Reserve an HTTPS namespace for it.
string urlPrefix = string.Format("https://+:{0}/{1}", portNum, appPath);
ReserveHttpNamespace.ModifyReservation(urlPrefix, "Network Service", false);

//Set the SSL cert for this service.
SetSSLCert.BindCertificate("0.0.0.0", portNum, certificate.GetCertHash());

You can then check that this ran correctly using the helpful HttpCfg UI Tool.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...