Client and server certificate authentication for a BizTalk WCF service over HTTPS

Problem description:

Here I have listed, point by point, what I have done to achieve my requirement. My requirement is that I need to host a BizTalk WCF service (basicHttp) by publishing the schema (request/response), so that only authenticated clients can consume the service via "https"; it is ultimately hosted in IIS 8 on Windows Server 2012.

The steps I took are:

1) BizTalk WCF Service Publishing Wizard (used to create the BizTalk WCF service and to expose the schema on the service)

     (In IIS Manager a site is created automatically under "Default Web Site" after Step 1)

2) I create the server certificate in IIS Manager by clicking "Create Self-Signed Certificate"; this step creates a certificate under "Personal" in "Certificates (Local Computer)" in the certificates console (MMC)

3) Highlight the "Default Web Site", click on "Bindings", "Add" an "https" binding and select as the "SSL certificate" the one created in Step 2

4) Then I highlight my web site, click on "Authentication" and disable "Anonymous Authentication"

5) Then once again I highlight my web site, click on "SSL Settings", tick "Require SSL" and choose "Require" under "Client certificates:"

6) I open the Web.config file of my site, add the following tags under <mexServiceHostFactory> and make the following modifications:

  • Under <mexServiceHostFactory>:

        <receiveLocationMappings>
          <add markupFileName="Service1.svc" receiveLocationName="WcfService_a1/Service1" publicBaseAddress="https://cd-mypc/a1/" />
        </receiveLocationMappings>

  • Disable http and enable https
  • Enable "HttpsMexEndpoint"

7) Reset IIS, go to the BizTalk Administration Console and, under my BizTalk application's receive location, click on "Configure", select the "Security" tab, choose "Transport" under "Security mode" and "None" under "Transport security", and finally enable the WCF service

8) Create client certificates.

  • Create a self-signed CA certificate and the client certificate (I followed http://ondrej.wordpress.com/2010/01/24/iis-7-and-client-certificates/)

When I try to access the service from a different PC it gives "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied."

I cannot even install it by clicking "View certificate" either.

Thanks in advance.
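An added example, not part of the question or of the reply below: the IIS-side steps 2 to 5 of the post expressed as a PowerShell script using the WebAdministration and PKI modules that ship with Windows Server 2012, followed by the two checks I would run on a 403 like the one reported. The site name "Default Web Site", the application path "a1" and the host name cd-mypc are taken from the post's publicBaseAddress; the CA export path and the default IIS log directory are assumptions.

```powershell
# Added example: scripted equivalent of steps 2-5 plus diagnostics. Run elevated on the server.
Import-Module WebAdministration
Import-Module PKI

$siteName = 'Default Web Site'   # parent site from the post
$appPath  = "$siteName/a1"       # application created by the publishing wizard (assumed from https://cd-mypc/a1/)
$hostName = 'cd-mypc'            # host part of the post's publicBaseAddress
$clientCaPath = 'C:\certs\ClientCA.cer'   # assumed: exported public cert of the self-signed CA from step 8

# Step 2: self-signed server certificate in "Personal" of the local machine store (Cert:\LocalMachine\My)
$serverCert = New-SelfSignedCertificate -DnsName $hostName -CertStoreLocation 'Cert:\LocalMachine\My'

# Step 3: https binding on 443 for the parent site, with the step 2 certificate attached
if (-not (Get-WebBinding -Name $siteName -Protocol https)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443
}
$binding = Get-WebBinding -Name $siteName -Protocol https
$binding.AddSslCertificate($serverCert.Thumbprint, 'my')

# Step 4: disable Anonymous Authentication on the published application only (not on the whole site)
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $appPath `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name 'enabled' -Value $false

# Step 5: "Require SSL" + "Require" client certificates; this is what IIS Manager writes to sslFlags
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $appPath `
    -Filter 'system.webServer/security/access' `
    -Name 'sslFlags' -Value 'Ssl,SslNegotiateCert,SslRequireCert'

# Trust for step 8: IIS only accepts client certificates whose chain ends in a CA the *server*
# trusts, so the self-signed CA that issued the client certificates goes into Trusted Root here.
if (Test-Path $clientCaPath) {
    Import-Certificate -FilePath $clientCaPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
}

# Check 1: effective SSL flags on the application. The WCF binding's transport client credential
# type is compared against these when the service activates, so they have to agree.
Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $appPath `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'

# Check 2: the last 403 responses with their IIS substatus (sc-status sc-substatus columns of the
# W3C log; default log location assumed). 403.7 = no client certificate presented,
# 403.16 = client certificate chain not trusted by the server, 403.17 = client certificate expired.
$siteId = (Get-Item "IIS:\Sites\$siteName").id
$logDir = "C:\inetpub\logs\LogFiles\W3SVC$siteId"
Get-ChildItem $logDir -Filter '*.log' | Sort-Object LastWriteTime | Select-Object -Last 1 |
    Get-Content | Where-Object { $_ -match ' 403 \d+ ' } | Select-Object -Last 5
```

The substatus in the log is the first thing to read on a 403 from this setup: a plain 403 with substatus 7 means the remote PC never sent a certificate (the client does not have one for the CA IIS asks for, which also matches the "View certificate" symptom in the post), while substatus 16 means a certificate was sent but its issuing CA is not in the server's Trusted Root store. Once IIS requires client certificates, the WCF-BasicHttp receive location's transport client credential type also has to be set to Certificate rather than None, because WCF refuses to activate a service whose binding's SSL settings do not match the IIS sslFlags.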


Hello

Try this: "How to configure Windows Authentication for a BizTalk WCF service, and pass it through SSL to the BizTalk WCF service"

Good luck!