1、 打開 VS2010 Prompt? 工具，創建證書。

??? 輸入以下命令：

makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=localhost -sky exchange -pecertmgr.exe -add -r LocalMachine -s My -c -n localhost -r CurrentUser -s TrustedPeople

2、設置證書訪問權限

按照下面的步驟可解決 IIS7 Keyset does not exist 的問題， 根源為權限問題

1：運行 輸入 mmc 2:Console -> file->add/remove snap/in 3:彈出的界面左邊第三項：certificates-> add 3:彈出的界面選擇computer Account 下一步第一個項 ok。 4：certificates下面找到 Personal certificates 右邊 可以找到你創建的證書 5:最關鍵的一步：右擊證書->All tasks-> manager private keys->在談出的security中加入　everyone full control

3、創建項目

3.1 項目結構

??

? 3.2? 服務端代碼（service.cs)

View Code // Copyright (c) Microsoft Corporation. All Rights Reserved.using System; using System.ServiceModel;namespace Microsoft.ServiceModel.Samples {// Define a service contract.[ServiceContract(Namespace="http://Microsoft.ServiceModel.Samples")]public interface ICalculator{[OperationContract]bool IsCallerAnonymous();[OperationContract]double Add(double n1, double n2);[OperationContract]double Subtract(double n1, double n2);[OperationContract]double Multiply(double n1, double n2);[OperationContract]double Divide(double n1, double n2);}// Service class which implements the service contract.// Added code to return whether the caller is anonymouspublic class CalculatorService : ICalculator{public bool IsCallerAnonymous(){// ServiceSecurityContext.IsAnonymous returns true if the caller is not authenticatedreturn ServiceSecurityContext.Current.IsAnonymous;}public double Add(double n1, double n2){double result = n1 + n2;return result;}public double Subtract(double n1, double n2){double result = n1 - n2;return result;}public double Multiply(double n1, double n2){double result = n1 * n2;return result;}public double Divide(double n1, double n2){double result = n1 / n2;return result;}}}

?

?3.3 服務端（service.svc)

<%@ServiceHost language=c# Debug="true" Service="Microsoft.ServiceModel.Samples.CalculatorService" %>

?

? 3.4 客戶端代碼（client.cs)

View Code // Copyright (c) Microsoft Corporation. All Rights Reserved.using System; using System.ServiceModel;namespace Microsoft.ServiceModel.Samples {//The service contract is defined in generatedClient.cs, generated from the service by the svcutil tool.//Client implementation code.class Client{static void Main(){// Create a client with given client endpoint configurationCalculatorClient client = new CalculatorClient();// Call the GetCallerIdentity operationConsole.WriteLine("IsCallerAnonymous returned: {0}", client.IsCallerAnonymous());// Call the Add service operation.double value1 = 100.00D;double value2 = 15.99D;double result = client.Add(value1, value2);Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);// Call the Subtract service operation.value1 = 145.00D;value2 = 76.54D;result = client.Subtract(value1, value2);Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);// Call the Multiply service operation.value1 = 9.00D;value2 = 81.25D;result = client.Multiply(value1, value2);Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);// Call the Divide service operation.value1 = 22.00D;value2 = 7.00D;result = client.Divide(value1, value2);Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);//Closing the client gracefully closes the connection and cleans up resources client.Close();Console.WriteLine();Console.WriteLine("Press <ENTER> to terminate client.");Console.ReadLine();}} }

3.5、 設置WCF 項目中的（服務端）配置文件

<?xml version="1.0" encoding="utf-8" ?><configuration><system.serviceModel><services><service name="Microsoft.ServiceModel.Samples.CalculatorService"behaviorConfiguration="CalculatorServiceBehavior"><!-- this endpoint is exposed at the base address provided by host: http://localhost/servicemodelsamples/service.svc --><endpoint address=""binding="wsHttpBinding"bindingConfiguration="Binding1" contract="Microsoft.ServiceModel.Samples.ICalculator" /><!-- the mex endpoint is exposed at http://localhost/servicemodelsamples/service.svc/mex --><endpoint address="mex"binding="mexHttpBinding"contract="IMetadataExchange" /></service></services><bindings><wsHttpBinding><!-- This configuration defines the security mode as Message and the clientCredentialType as None.This mode provides server authentication only using the service certificate.--><binding name="Binding1"><security mode = "Message"><message clientCredentialType="None"/></security></binding></wsHttpBinding></bindings><!--For debugging purposes set the includeExceptionDetailInFaults attribute to true--><behaviors><serviceBehaviors><behavior name="CalculatorServiceBehavior"><!-- The serviceCredentials behavior allows one to define a service certificate.A service certificate is used by a client to authenticate the service and provide message protection.This configuration references the "localhost" certificate installed during the setup instructions.--><serviceCredentials><serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /></serviceCredentials><serviceMetadata httpGetEnabled="True"/><serviceDebug includeExceptionDetailInFaults="False" /></behavior></serviceBehaviors></behaviors></system.serviceModel></configuration>

?

3.6、設置客戶端（App.Config)

<?xml version="1.0" encoding="utf-8" ?> <configuration><system.serviceModel><client><endpoint name=""address="http://localhost/TestService/service.svc" binding="wsHttpBinding" behaviorConfiguration="ClientCredentialsBehavior"bindingConfiguration="Binding1" contract="Microsoft.ServiceModel.Samples.ICalculator" /></client><bindings><wsHttpBinding><!-- This configuration defines the security mode as Message and the clientCredentialType as None.--><binding name="Binding1"><security mode = "Message"><message clientCredentialType="None"/></security></binding></wsHttpBinding></bindings><behaviors><endpointBehaviors><behavior name="ClientCredentialsBehavior"><clientCredentials><serviceCertificate><!-- Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate is in the user's Trusted People store, then it will be trusted without performing avalidation of the certificate's issuer chain. This setting is used here for convenience so that the sample can be run without having to have certificates issued by a certificate authority (CA).This setting is less secure than the default, ChainTrust. The security implications of this setting should be carefully considered before using PeerOrChainTrust in production code. --><authentication certificateValidationMode="PeerOrChainTrust" /></serviceCertificate></clientCredentials></behavior></endpointBehaviors></behaviors></system.serviceModel> </configuration>

本示例提供代碼下載

?

?

轉載于:https://www.cnblogs.com/tianjinquan/archive/2012/08/18/2645019.html

總結

以上是生活随笔為你收集整理的WCF 使用证书认证 方法的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。