Partager via


Comment : utiliser des certificats X.509 distincts pour les signatures et le chiffrement

Cette rubrique contient des instructions permettant de configurer Windows Communication Foundation (WCF) afin de pouvoir utiliser différents certificats pour les signatures et le chiffrement des messages client et service.

Pour activer différents certificats pour les signatures et le chiffrement, vous devez créer des informations d'identification client ou service personnalisés (ou les deux), WCF n'offrant pas d'API permettant de définir plusieurs certificats de client ou de service. En outre, un gestionnaire de jetons de sécurité doit être configuré pour permettre l'exploitation des informations de l'ensemble des certificats et la création d'un fournisseur de jetons de sécurité qui convienne à l'utilisation des clés et à la direction des messages spécifiées.

Le diagramme suivant montre les classes principales utilisées, les classes (indiquées par une flèche pointant vers le haut) desquelles ils héritent et les types de retour de certaines méthodes et propriétés.

ms729856.e4971edd-a59f-4571-b36f-7e6b2f0d610f(fr-fr,VS.100).gif

Pour plus d'informations sur le sujet suivant les informations d'identification personnalisées, consultez Procédure pas à pas : création d'informations d'identification de client et de service personnalisées.

De plus, vous devez créer un vérificateur d'identité personnalisé et le lier à un élément de liaison de sécurité dans une liaison personnalisée. Vous devez également utiliser les informations d'identification personnalisées au lieu des informations d'identification par défaut.

Le diagramme suivant indique les classes impliquées dans la liaison personnalisée, et comment le vérificateur d'identité personnalisé est lié. Plusieurs éléments de liaison sont impliqués, qui héritent tous de BindingElement. AsymmetricSecurityBindingElement a la propriété LocalClientSecuritySettings, qui retourne une instance de IdentityVerifier, à partir de laquelle MyIdentityVerifier est personnalisé.

ms729856.dddea4a2-0bb4-4921-9bf4-20d4d82c3da5(fr-fr,VS.100).gif

Pour plus d'informations sur le sujet suivant la création d'un vérificateur d'identité personnalisé, consultez Comment : Comment : créer un vérificateur d'identité du client personnalisé.

Pour utiliser différents certificats dans les signatures et le chiffrement

  1. Définissez une nouvelle classe d'informations d'identification client qui hérite de la classe ClientCredentials. Implémentez quatre nouvelles propriétés pour autoriser la spécification de plusieurs certificats : ClientSigningCertificate, ClientEncryptingCertificate, ServiceSigningCertificate et ServiceEncryptingCertificate. Substituez également la méthode CreateSecurityTokenManager pour retourner une instance de la classe ClientCredentialsSecurityTokenManager personnalisée définie à l'étape suivante.

    Public Class MyClientCredentials
        Inherits ClientCredentials
    
        Private clientSigningCert As X509Certificate2
        Private clientEncryptingCert As X509Certificate2
        Private serviceSigningCert As X509Certificate2
        Private serviceEncryptingCert As X509Certificate2
    
        Public Sub New()
        End Sub
    
        Protected Sub New(ByVal other As MyClientCredentials)
            MyBase.New(other)
            Me.clientEncryptingCert = other.clientEncryptingCert
            Me.clientSigningCert = other.clientSigningCert
            Me.serviceEncryptingCert = other.serviceEncryptingCert
            Me.serviceSigningCert = other.serviceSigningCert
        End Sub
    
        Public Property ClientSigningCertificate() As X509Certificate2
            Get
                Return Me.clientSigningCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.clientSigningCert = value
            End Set
        End Property
    
        Public Property ClientEncryptingCertificate() As X509Certificate2
            Get
                Return Me.clientEncryptingCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.clientEncryptingCert = value
            End Set
        End Property
    
        Public Property ServiceSigningCertificate() As X509Certificate2
            Get
                Return Me.serviceSigningCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.serviceSigningCert = value
            End Set
        End Property
    
        Public Property ServiceEncryptingCertificate() As X509Certificate2
            Get
                Return Me.serviceEncryptingCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.serviceEncryptingCert = value
            End Set
        End Property
    
        Public Overrides Function CreateSecurityTokenManager() As SecurityTokenManager
            Return New MyClientCredentialsSecurityTokenManager(Me)
        End Function
    
        Protected Overrides Function CloneCore() As ClientCredentials
            Return New MyClientCredentials(Me)
        End Function
    
    End Class
    
    public class MyClientCredentials : ClientCredentials
    {
        X509Certificate2 clientSigningCert;
        X509Certificate2 clientEncryptingCert;
        X509Certificate2 serviceSigningCert;
        X509Certificate2 serviceEncryptingCert;
    
        public MyClientCredentials()
        {
        }
    
        protected MyClientCredentials(MyClientCredentials other)
            : base(other)
        {
            this.clientEncryptingCert = other.clientEncryptingCert;
            this.clientSigningCert = other.clientSigningCert;
            this.serviceEncryptingCert = other.serviceEncryptingCert;
            this.serviceSigningCert = other.serviceSigningCert;
        }
    
        public X509Certificate2 ClientSigningCertificate
        {
            get
            {
                return this.clientSigningCert;
            }
            set
            {
                this.clientSigningCert = value;
            }
        }
    
        public X509Certificate2 ClientEncryptingCertificate
        {
            get
            {
                return this.clientEncryptingCert;
            }
            set
            {
                this.clientEncryptingCert = value;
            }
        }
    
        public X509Certificate2 ServiceSigningCertificate
        {
            get
            {
                return this.serviceSigningCert;
            }
            set
            {
                this.serviceSigningCert = value;
            }
        }
    
        public X509Certificate2 ServiceEncryptingCertificate
        {
            get
            {
                return this.serviceEncryptingCert;
            }
            set
            {
                this.serviceEncryptingCert = value;
            }
        }
    
        public override SecurityTokenManager CreateSecurityTokenManager()
        {
            return new MyClientCredentialsSecurityTokenManager(this);
        }
    
        protected override ClientCredentials CloneCore()
        {
            return new MyClientCredentials(this);
        }
    }
    
  2. Définissez un nouveau gestionnaire de jetons de sécurité client qui hérite de la classe ClientCredentialsSecurityTokenManager. Remplacez la méthode CreateSecurityTokenProvider pour créer un fournisseur de jetons de sécurité approprié. Le paramètre requirement, qui correspond à un type SecurityTokenRequirement, indique la direction des messages et spécifie les paramètres d'utilisation des clés.

    Friend Class MyClientCredentialsSecurityTokenManager
        Inherits ClientCredentialsSecurityTokenManager
    
        Private credentials As MyClientCredentials
    
        Public Sub New(ByVal credentials As MyClientCredentials)
            MyBase.New(credentials)
            Me.credentials = credentials
        End Sub
    
        Public Overrides Function CreateSecurityTokenProvider(ByVal requirement As SecurityTokenRequirement) As SecurityTokenProvider
            Dim result As SecurityTokenProvider = Nothing
            If requirement.TokenType = SecurityTokenTypes.X509Certificate Then
                Dim direction = requirement.GetProperty(Of MessageDirection)(ServiceModelSecurityTokenRequirement.MessageDirectionProperty)
                If direction = MessageDirection.Output Then
                    If requirement.KeyUsage = SecurityKeyUsage.Signature Then
                        result = New X509SecurityTokenProvider(Me.credentials.ClientSigningCertificate)
                    Else
                        result = New X509SecurityTokenProvider(Me.credentials.ServiceEncryptingCertificate)
                    End If
                Else
                    If requirement.KeyUsage = SecurityKeyUsage.Signature Then
                        result = New X509SecurityTokenProvider(Me.credentials.ServiceSigningCertificate)
                    Else
                        result = New X509SecurityTokenProvider(credentials.ClientEncryptingCertificate)
                    End If
                End If
            Else
                result = MyBase.CreateSecurityTokenProvider(requirement)
            End If
    
            Return result
        End Function
    
        Public Overrides Function CreateSecurityTokenAuthenticator(ByVal tokenRequirement As SecurityTokenRequirement, _
                                                                   <System.Runtime.InteropServices.Out()> ByRef outOfBandTokenResolver As SecurityTokenResolver) As SecurityTokenAuthenticator
            Return MyBase.CreateSecurityTokenAuthenticator(tokenRequirement, _
                                                           outOfBandTokenResolver)
        End Function
    
    End Class
    
    internal class MyClientCredentialsSecurityTokenManager : 
        ClientCredentialsSecurityTokenManager
    {
        MyClientCredentials credentials;
    
        public MyClientCredentialsSecurityTokenManager(
            MyClientCredentials credentials): base(credentials)
        {
            this.credentials = credentials;
        }
    
        public override SecurityTokenProvider CreateSecurityTokenProvider(
            SecurityTokenRequirement requirement)
        {
            SecurityTokenProvider result = null;
            if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
            {
                MessageDirection direction = requirement.GetProperty
                    <MessageDirection>(ServiceModelSecurityTokenRequirement.
                    MessageDirectionProperty);
                if (direction == MessageDirection.Output)
                {
                    if (requirement.KeyUsage == SecurityKeyUsage.Signature)
                    {
                        result = new X509SecurityTokenProvider(
                            this.credentials.ClientSigningCertificate);
                    }
                    else
                    {
                        result = new X509SecurityTokenProvider(this.credentials.
                            ServiceEncryptingCertificate);
                    }
                }
                else
                {
                    if (requirement.KeyUsage == SecurityKeyUsage.Signature)
                    {
                        result = new X509SecurityTokenProvider(this.
                            credentials.ServiceSigningCertificate);
                    }
                    else
                    {
                        result = new X509SecurityTokenProvider(credentials.
                            ClientEncryptingCertificate);
                    }
                }
            }
            else
            {
                result = base.CreateSecurityTokenProvider(requirement);
            }
    
            return result;
        }
    
        public override SecurityTokenAuthenticator 
            CreateSecurityTokenAuthenticator(SecurityTokenRequirement 
            tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
        {
            return base.CreateSecurityTokenAuthenticator(tokenRequirement, 
                out outOfBandTokenResolver);
        }
    }
    
  3. Définissez une nouvelle classe d'informations d'identification de service qui hérite de la classe ServiceCredentials. Implémentez quatre nouvelles propriétés pour autoriser la spécification de plusieurs certificats : ClientSigningCertificate, ClientEncryptingCertificate, ServiceSigningCertificate et ServiceEncryptingCertificate. Substituez également la méthode CreateSecurityTokenManager pour retourner une instance de la classe ServiceCredentialsSecurityTokenManager personnalisée définie à l'étape suivante.

    Public Class MyServiceCredentials
        Inherits ServiceCredentials
    
        Private clientSigningCert As X509Certificate2
        Private clientEncryptingCert As X509Certificate2
        Private serviceSigningCert As X509Certificate2
        Private serviceEncryptingCert As X509Certificate2
    
        Public Sub New()
        End Sub
    
        Protected Sub New(ByVal other As MyServiceCredentials)
            MyBase.New(other)
            Me.clientEncryptingCert = other.clientEncryptingCert
            Me.clientSigningCert = other.clientSigningCert
            Me.serviceEncryptingCert = other.serviceEncryptingCert
            Me.serviceSigningCert = other.serviceSigningCert
        End Sub
    
        Public Property ClientSigningCertificate() As X509Certificate2
            Get
                Return Me.clientSigningCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.clientSigningCert = value
            End Set
        End Property
    
        Public Property ClientEncryptingCertificate() As X509Certificate2
            Get
                Return Me.clientEncryptingCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.clientEncryptingCert = value
            End Set
        End Property
    
        Public Property ServiceSigningCertificate() As X509Certificate2
            Get
                Return Me.serviceSigningCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.serviceSigningCert = value
            End Set
        End Property
    
        Public Property ServiceEncryptingCertificate() As X509Certificate2
            Get
                Return Me.serviceEncryptingCert
            End Get
            Set(ByVal value As X509Certificate2)
                Me.serviceEncryptingCert = value
            End Set
        End Property
    
        Public Overrides Function CreateSecurityTokenManager() As SecurityTokenManager
            Return New MyServiceCredentialsSecurityTokenManager(Me)
        End Function
    
        Protected Overrides Function CloneCore() As ServiceCredentials
            Return New MyServiceCredentials(Me)
        End Function
    
    End Class
    
    public class MyServiceCredentials : ServiceCredentials
    {
        X509Certificate2 clientSigningCert;
        X509Certificate2 clientEncryptingCert;
        X509Certificate2 serviceSigningCert;
        X509Certificate2 serviceEncryptingCert;
    
        public MyServiceCredentials()
        {
        }
    
        protected MyServiceCredentials(MyServiceCredentials other)
            : base(other)
        {
            this.clientEncryptingCert = other.clientEncryptingCert;
            this.clientSigningCert = other.clientSigningCert;
            this.serviceEncryptingCert = other.serviceEncryptingCert;
            this.serviceSigningCert = other.serviceSigningCert;
        }
    
        public X509Certificate2 ClientSigningCertificate
        {
            get
            {
                return this.clientSigningCert;
            }
            set
            {
                this.clientSigningCert = value;
            }
        }
    
        public X509Certificate2 ClientEncryptingCertificate
        {
            get
            {
                return this.clientEncryptingCert;
            }
            set
            {
                this.clientEncryptingCert = value;
            }
        }
    
        public X509Certificate2 ServiceSigningCertificate
        {
            get
            {
                return this.serviceSigningCert;
            }
            set
            {
                this.serviceSigningCert = value;
            }
        }
    
        public X509Certificate2 ServiceEncryptingCertificate
        {
            get
            {
                return this.serviceEncryptingCert;
            }
            set
            {
                this.serviceEncryptingCert = value;
            }
        }
    
        public override SecurityTokenManager CreateSecurityTokenManager()
        {
            return new MyServiceCredentialsSecurityTokenManager(this);
        }
    
        protected override ServiceCredentials CloneCore()
        {
            return new MyServiceCredentials(this);
        }
    }
    
  4. Définissez un nouveau gestionnaire de jetons de sécurité service qui hérite de la classe ServiceCredentialsSecurityTokenManager. Remplacez la méthode CreateSecurityTokenProvider pour créer un fournisseur de jetons de sécurité qui convienne à la direction passée des messages et aux paramètres d'utilisation des clés.

    Friend Class MyServiceCredentialsSecurityTokenManager
        Inherits ServiceCredentialsSecurityTokenManager
    
        Private credentials As MyServiceCredentials
    
        Public Sub New(ByVal credentials As MyServiceCredentials)
            MyBase.New(credentials)
            Me.credentials = credentials
        End Sub
    
        Public Overrides Function CreateSecurityTokenProvider(ByVal requirement As SecurityTokenRequirement) As SecurityTokenProvider
            Dim result As SecurityTokenProvider = Nothing
            If requirement.TokenType = SecurityTokenTypes.X509Certificate Then
                Dim direction = requirement.GetProperty(Of MessageDirection)(ServiceModelSecurityTokenRequirement.MessageDirectionProperty)
                If direction = MessageDirection.Input Then
                    If requirement.KeyUsage = SecurityKeyUsage.Exchange Then
                        result = New X509SecurityTokenProvider(credentials.ServiceEncryptingCertificate)
                    Else
                        result = New X509SecurityTokenProvider(credentials.ClientSigningCertificate)
                    End If
                Else
                    If requirement.KeyUsage = SecurityKeyUsage.Signature Then
                        result = New X509SecurityTokenProvider(credentials.ServiceSigningCertificate)
                    Else
                        result = New X509SecurityTokenProvider(credentials.ClientEncryptingCertificate)
                    End If
                End If
            Else
                result = MyBase.CreateSecurityTokenProvider(requirement)
            End If
            Return result
        End Function
    
    End Class
    
    internal class MyServiceCredentialsSecurityTokenManager : 
        ServiceCredentialsSecurityTokenManager
    {
        MyServiceCredentials credentials;
    
        public MyServiceCredentialsSecurityTokenManager(
            MyServiceCredentials credentials)
            : base(credentials)
        {
            this.credentials = credentials;
        }
    
        public override SecurityTokenProvider CreateSecurityTokenProvider(
            SecurityTokenRequirement requirement)
        {
            SecurityTokenProvider result = null;
            if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
            {
                MessageDirection direction = requirement.
                    GetProperty<MessageDirection>(
                    ServiceModelSecurityTokenRequirement.
                    MessageDirectionProperty);
                if (direction == MessageDirection.Input)
                {
                    if (requirement.KeyUsage == SecurityKeyUsage.Exchange)
                    {
                        result = new X509SecurityTokenProvider(
                            credentials.ServiceEncryptingCertificate);
                    }
                    else
                    {
                        result = new X509SecurityTokenProvider(
                            credentials.ClientSigningCertificate);
                    }
                }
                else
                {
                    if (requirement.KeyUsage == SecurityKeyUsage.Signature)
                    {
                        result = new X509SecurityTokenProvider(
                            credentials.ServiceSigningCertificate);
                    }
                    else
                    {
                        result = new X509SecurityTokenProvider(
                            credentials.ClientEncryptingCertificate);
                    }
                }
            }
            else
            {
                result = base.CreateSecurityTokenProvider(requirement);
            }
            return result;
        }
    }
    

Pour utiliser plusieurs certificats sur le client

  1. Créez une liaison personnalisée. L'élément de liaison de sécurité doit fonctionner en mode duplex pour permettre aux différents fournisseurs de jetons de sécurité d'être présents pendant les requêtes et les réponses. Pour ce faire, utilisez des méthodes de transfert compatibles avec le mode duplex ou utilisez l'élément CompositeDuplexBindingElement, tel qu'illustré dans le code suivant. Liez le IdentityVerifier personnalisé défini à l'étape suivante à l'élément de liaison de sécurité. Remplacez les informations d'identification du client par défaut par les informations d'identification du client personnalisées créées précédemment.

    Dim serviceEndpoint As New EndpointAddress(New Uri("https://localhost:6060/service"))
    
    Dim binding As New CustomBinding()
    
    Dim securityBE = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10)
    ' Add a custom IdentityVerifier because the service uses two certificates 
    ' (one for signing and one for encryption) and an endpoint identity that 
    ' contains a single identity claim.
    securityBE.LocalClientSettings.IdentityVerifier = New MyIdentityVerifier()
    binding.Elements.Add(securityBE)
    
    Dim compositeDuplex As New CompositeDuplexBindingElement()
    
    compositeDuplex.ClientBaseAddress = New Uri("https://localhost:6061/client")
    
    With binding.Elements
        .Add(compositeDuplex)
        .Add(New OneWayBindingElement())
        .Add(New HttpTransportBindingElement())
    End With
    
    Using factory As New ChannelFactory(Of IMyServiceChannel)(binding, serviceEndpoint)
        Dim credentials As New MyClientCredentials()
        SetupCertificates(credentials)
    
        With factory.Endpoint.Behaviors
            .Remove(GetType(ClientCredentials))
            .Add(credentials)
        End With
    
        Dim channel = factory.CreateChannel()
        Console.WriteLine(channel.Hello("world"))
        channel.Close()
    End Using
    
                EndpointAddress serviceEndpoint = 
                    new EndpointAddress(new Uri("https://localhost:6060/service"));
    
                CustomBinding binding = new CustomBinding();
    
                AsymmetricSecurityBindingElement securityBE = 
                    SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
                    MessageSecurityVersion.
    WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
                // Add a custom IdentityVerifier because the service uses two certificates 
                // (one for signing and one for encryption) and an endpoint identity that 
                // contains a single identity claim.
                securityBE.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
                binding.Elements.Add(securityBE);
    
                CompositeDuplexBindingElement compositeDuplex = 
                    new CompositeDuplexBindingElement();
                compositeDuplex.ClientBaseAddress = new Uri("https://localhost:6061/client");
                binding.Elements.Add(compositeDuplex);
    
                binding.Elements.Add(new OneWayBindingElement());
    
                binding.Elements.Add(new HttpTransportBindingElement());
    
                using (ChannelFactory<IMyServiceChannel> factory = 
                    new ChannelFactory<IMyServiceChannel>(binding, serviceEndpoint))
                {
                    MyClientCredentials credentials = new MyClientCredentials();
                    SetupCertificates(credentials);
                    factory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
                    factory.Endpoint.Behaviors.Add(credentials);
    
                    IMyServiceChannel channel = factory.CreateChannel();
                    Console.WriteLine(channel.Hello("world"));
                    channel.Close();
                }
    
  2. Définissez un IdentityVerifier personnalisé. Le service dispose de plusieurs identités, différents certificats étant utilisés pour chiffrer la demande et signer la réponse.

    ms729856.note(fr-fr,VS.100).gifRemarque :
    Dans l'exemple suivant, le vérificateur d'identité personnalisé spécifié n'effectue pas de contrôle d'identité de point de terminaison à des fins d'authentification. Cette pratique est déconseillée lors de la rédaction d'un code de production.

    Friend Class MyIdentityVerifier
        Inherits IdentityVerifier
    
        Private defaultVerifier As IdentityVerifier
    
        Public Sub New()
            Me.defaultVerifier = IdentityVerifier.CreateDefault()
        End Sub
    
        Public Overrides Function CheckAccess(ByVal identity As EndpointIdentity, ByVal authContext As AuthorizationContext) As Boolean
            ' The following implementation is for demonstration only, and
            ' does not perform any checks regarding EndpointIdentity.
            ' Do not use this for production code.
            Return True
        End Function
    
        Public Overrides Function TryGetIdentity(ByVal reference As EndpointAddress, <System.Runtime.InteropServices.Out()> ByRef identity As EndpointIdentity) As Boolean
            Return Me.defaultVerifier.TryGetIdentity(reference, identity)
        End Function
    
    End Class
    
    class MyIdentityVerifier : IdentityVerifier
    {
        IdentityVerifier defaultVerifier;
    
        public MyIdentityVerifier()
        {
            this.defaultVerifier = IdentityVerifier.CreateDefault();
        }
    
        public override bool CheckAccess(EndpointIdentity identity, 
            AuthorizationContext authContext)
        {
            // The following implementation is for demonstration only, and
            // does not perform any checks regarding EndpointIdentity.
            // Do not use this for production code.
            return true;
        }
    
        public override bool TryGetIdentity(EndpointAddress reference, 
            out EndpointIdentity identity)
        {
            return this.defaultVerifier.TryGetIdentity(reference, out identity);
        }
    }
    

Pour utiliser plusieurs certificats sur le service

  1. Créez une liaison personnalisée. L'élément de liaison de sécurité doit fonctionner en mode duplex pour permettre aux différents fournisseurs de jetons de sécurité d'être présents pendant les requêtes et les réponses. Comme pour le client, utilisez des méthodes de transfert compatibles avec le mode duplex ou utilisez l'élément CompositeDuplexBindingElement, tel qu'illustré dans le code suivant. Remplacez les informations d'identification du service par défaut par les informations d'identification du service personnalisées créées précédemment.

    Dim serviceEndpoint As New Uri("https://localhost:6060/service")
    Using host As New ServiceHost(GetType(Service), serviceEndpoint)
        Dim binding As New CustomBinding()
    
        With binding.Elements
            .Add(SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10))
            .Add(New CompositeDuplexBindingElement())
            .Add(New OneWayBindingElement())
            .Add(New HttpTransportBindingElement())
        End With
    
        Dim credentials As New MyServiceCredentials()
        SetupCertificates(credentials)
        With host.Description.Behaviors
            .Remove(GetType(ServiceCredentials))
            .Add(credentials)
        End With
    
        Dim endpoint = host.AddServiceEndpoint(GetType(IMyService), binding, "")
        host.Open()
    
        Console.WriteLine("Service started, press ENTER to stop...")
        Console.ReadLine()
    End Using
    
                Uri serviceEndpoint = new Uri("https://localhost:6060/service");
                using (ServiceHost host = new ServiceHost(typeof(Service), serviceEndpoint))
                {
                    CustomBinding binding = new CustomBinding();
                    binding.Elements.Add(SecurityBindingElement.
                        CreateMutualCertificateDuplexBindingElement(
    MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10));
                    binding.Elements.Add(new CompositeDuplexBindingElement());
                    binding.Elements.Add(new OneWayBindingElement());
                    binding.Elements.Add(new HttpTransportBindingElement());
    
                    MyServiceCredentials credentials = new MyServiceCredentials();
                    SetupCertificates(credentials);
                    host.Description.Behaviors.Remove(typeof(ServiceCredentials));
                    host.Description.Behaviors.Add(credentials);
    
                    ServiceEndpoint endpoint = host.AddServiceEndpoint(
                        typeof(IMyService), binding, "");
                    host.Open();
    
                    Console.WriteLine("Service started, press ENTER to stop...");
                    Console.ReadLine();
                }
    

Voir aussi

Référence

ClientCredentials
ServiceCredentials
ClientCredentialsSecurityTokenManager
ServiceCredentialsSecurityTokenManager
IdentityVerifier

Concepts

Procédure pas à pas : création d'informations d'identification de client et de service personnalisées