.net - WCF Message Level Security


Hope someone can help me in this matter. I am looking for a way to enable message level security on my WCF service besides using certificates. The problem is that the client applications connect over VPNs to multiple sites, each of which has its own domain controller, and the domains do not trust each other. I am totally new to certificates. Though many people say that this is the way to go, I do not know if it can work in this environment?

I am begging for help :) Thanks

Actually, certificates are the way to go! I highly recommend you use certificates! It is not difficult, and in fact it addresses your problem: with certificates you get trust between the domains that "do not trust each other". Here's a step-by-step instruction on how to do this:

1) You have to create a certificate on the client. To do this, go to the Start menu -> Run -> type "cmd", press Enter, and in the console window type the following (replace "ClientCertificateName" with the name of your choice):

  makecert.exe -pe -ss My -sr LocalMachine -a sha1 -sky exchange -n CN=ClientCertificateName

2) Do the same on the server, renaming the certificate!

3) After steps 1) and 2), both your client and your server have self-signed certs installed. Now you have to export these certificates and import the client's certificate into the Trusted People folder of the server, and import the server's certificate into the client's Trusted People folder. To do this -> Start menu -> Run -> type "MMC" and press Enter.

4) To open the certificate store, go to File -> Add / Remove Snap-in -> in the new window select Certificates (on the left) and click Add -> OK -> "Computer Account" -> Next -> Finish -> click OK.
The certificates console will then open. Expand the Certificates node (on the left) and navigate to the Personal / Certificates node. There you will find the certificate created in the previous steps. Right-click the certificate and export it with a private key. Save the exported certificate to a file. Then copy this file to the other machine and import it under the "Trusted People / Certificates" node. Repeat step 4) for the other machine. The ultimate goal is to import the client's certificate on the host machine and vice versa.
Now that you have (hopefully) installed those certificates, what remains is to tell your service to use them. To do this, you can use your app's web.config (app.config) file or do it in code.

  <security mode="Message">
    <message clientCredentialType="Certificate" />
  </security>

After adding the security node to the client's and server's configuration files, you must add the following behavior:

  <behaviors>
    <endpointBehaviors>
      <behavior name="your_binding_behavior">
        <clientCredentials>
          <clientCertificate findValue="[client certificate name is here]" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <defaultCertificate findValue="[server certificate name is here]" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>


And that's it! You should be good to go! For more information on this, you can read and also here.

HH
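
The answer mentions that the same settings can be applied in code instead of web.config. As an added example (not part of the original answer), this is a client-side C# equivalent of the two config fragments above. The WSHttpBinding choice, the IEchoService contract, the parameter names and the explicit DNS endpoint identity are assumptions; the identity is included because a self-signed certificate's CN usually differs from the host name in the service address.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract, present only so the example compiles.
[ServiceContract]
public interface IEchoService
{
    [OperationContract] string Echo(string text);
}

public static class CertSecuredClient
{
    // address, clientCertName and serverCertName are placeholders supplied by the caller.
    public static ChannelFactory<IEchoService> Create(
        string address, string clientCertName, string serverCertName)
    {
        // <security mode="Message"><message clientCredentialType="Certificate" />
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        // Assumption: the server certificate's CN is not the host name in the address,
        // so the expected identity is stated explicitly to pass WCF's identity check.
        var endpoint = new EndpointAddress(new Uri(address),
            EndpointIdentity.CreateDnsIdentity(serverCertName));
        var factory = new ChannelFactory<IEchoService>(binding, endpoint);

        // <clientCertificate storeLocation="LocalMachine" storeName="My" ... />
        // FindBySubjectName is a substring match; the name must select exactly one cert.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, clientCertName);

        // <serviceCertificate><defaultCertificate storeName="TrustedPeople" ... />
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.TrustedPeople,
            X509FindType.FindBySubjectName, serverCertName);

        // <authentication certificateValidationMode="PeerOrChainTrust" />
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;
        return factory;
    }
}
```

The process account needs read access to the client certificate's private key in the LocalMachine store, otherwise opening the channel fails even though the certificate is found.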

