
WCF + Certificate

Fabiano Vilela
   - 17 Aug 2010

Hey everyone, how's it going? I'm having my first contact with WCF; I created a service and hosted it on my domain, and it worked perfectly. Now I've started implementing the security part and I'm having a lot of difficulty with the certificate. I have a domain at KingHost, and my domain using SSL would look like this: https://meu_dominio.com.kinghost.net/~meu_dominio/
The address of my service looks like this: https://meu_dominio.com.kinghost.net/~meu_dominio/Servico.svc
My web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <compilation debug="false" />
    <authentication mode="Forms" />
    <anonymousIdentification enabled="true"/>
    <customErrors mode="Off"/>
  </system.web>
  <system.serviceModel>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBindingWithMessageSecurity">
          <security mode="Message">
            <message clientCredentialType="UserName" />
            <!-- <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> -->
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="ServicoWCF.CalcService" behaviorConfiguration="ServicoWCF.CalculatorServiceBehavior">
        <endpoint address="" binding="wsHttpBinding" contract="ServicoWCF.ICalcService" bindingConfiguration="wsHttpBindingWithMessageSecurity">
          <!--
          <identity>
            <dns value="localhost" />
          </identity>
          -->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8732/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServicoWCF.CalculatorServiceBehavior">
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceCredentials>
            <serviceCertificate
                findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
                storeLocation="LocalMachine"
                storeName="My"
                x509FindType="FindBySerialNumber" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFCustomAuthentication.CustomUsernamePasswordValidator, WCFCustomAuthentication" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

When I try to access it, I get the following error:

Server Error in '/~meu_dominio' Application.

Identificador inválido.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Security.Cryptography.CryptographicException: Identificador inválido.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[CryptographicException: Identificador inválido.
]
  System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +9719295
  System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +75
  System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +89
  System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +162
  System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +171
  System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +68

[ArgumentException: It is likely that certificate 'CN=*.kinghost.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.]
  System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +12263404
  System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider() +36
  System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement) +63
  System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement) +48
  System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateTlsnegoServerX509TokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement) +191
continues....

Does anyone have any idea how I can solve this? Thanks in advance.
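
The ArgumentException in the stack trace above names two possible causes: a private key that cannot do key exchange, or a process without access rights to the key. The following C# check is an added example, not part of the original post. It looks the certificate up the same way the posted `<serviceCertificate>` element does and reports which case applies. The class and method names are hypothetical, and it assumes the code runs under the same identity as the service.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic example (not from the original post). Run it under the same
// identity as the service process; class and method names are hypothetical.
public static class ServiceCertCheck
{
    public static string Diagnose(string serialNumber)
    {
        // Same store and find type as the <serviceCertificate> element in the web.config.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySerialNumber, serialNumber, false);
            if (found.Count == 0)
                return "No certificate with that serial number in LocalMachine\\My.";

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                return "Found " + cert.Subject + ", but the store holds no private key for it.";

            try
            {
                // This getter is the call that throws in the posted stack trace.
                var rsa = cert.PrivateKey as RSACryptoServiceProvider;
                if (rsa == null)
                    return "Private key is not an RSA CSP key.";
                CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                if (info.KeyNumber != KeyNumber.Exchange)
                    return "Key opened, but it is a signature-only key (KeyNumber=" + info.KeyNumber + ").";
                return "Key opened and usable for key exchange; container " + info.UniqueKeyContainerName + ".";
            }
            catch (CryptographicException ex)
            {
                // HasPrivateKey was true, so the failure is in opening the key container,
                // which is consistent with the access-rights case the WCF message names.
                return "Private key present but could not be opened: " + ex.Message;
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```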