WCF sessions with HTTPS

Posted 2024-07-12 01:13:24

I cannot figure out how to enable per-session instances for my WCF service while using HTTPS. (I'm not an ASP.NET expert but don't want to use ASP.NET session state if possible.) I am using .NET Framework 3.0.

I have arrived at the following contradiction and am hoping that someone can tell me where there is a flaw in the logic.

1) The service must be hosted on IIS 6 due to client mandate.

2) The service needs to maintain state between calls, including SqlConnection and SqlTransaction instances (ugly but necessary due to project constraints).

3) Therefore I need to use the wsHttpBinding.

4) The service needs to be able to access user authentication info from HttpContext.Current.User.Identity (e.g. using Windows security in IIS).

5) HTTPS is therefore required.

6) Transport-level security must therefore be configured on the binding.

7) Configuring the service to require sessions means I have to configure the wsHttpBinding to use Reliable Sessions.

8) This requires that message-level security is configured on the binding.

I.e. (6) and (8) are mutually exclusive.

It seems that using WCF sessions requires that I use message-level security, which prevents me from using HTTPS.

What am I missing?

Comments (2)

π浅易 2024-07-19 01:13:24

3) True, wsHttpBinding and wsDualHttpBinding are the only HTTP bindings that support sessions

5) False, in order to authenticate the service callers you don't necessarily need to have any transport-level security (such as SSL/HTTPS). The only requirement is to configure IIS to enable Integrated Windows Authentication for a virtual directory. Then in WCF you have three possibilities to enable this scenario:

a) Use transport-level security on the wsHttpBinding with Windows credentials (HTTPS)

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="SecurityEnabledWsHttp">
                <security mode="Transport">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
</system.serviceModel>

b) Use message-level security on the wsHttpBinding with Windows credentials (HTTP)

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="SecurityEnabledWsHttp">
                <security mode="Message">
                    <message clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
</system.serviceModel>

c) Run your service under the ASP.NET Compatibility Mode and enable Windows Authentication in ASP.NET (HTTP)

<system.web>
    <authentication mode="Windows" />
</system.web>

Note that in a and b you will access the identity of the caller from within a service this way:

OperationContext.Current.ServiceSecurityContext.WindowsIdentity

6) True, transport-level security must be enabled on the wsHttpBinding in order to use HTTPS

7) False, Reliable Sessions is a particular implementation of Reliable Messaging for WCF sessions. Reliable Messaging is a WS-* standard specification designed to guarantee message delivery on an unreliable network. You can use WCF sessions without Reliable Messaging, and vice versa. Sessions are enabled on the service contract with this attribute:

[ServiceContract(SessionMode=SessionMode.Required)]
public interface IMyService {
    // ...
}

Also remember that in order to maintain state between service calls you will explicitly have to enable the appropriate instance mode on the service contract implementation:

[ServiceBehavior(InstanceContextMode=InstanceContextMode.PerSession)]
public class MyService : IMyService {
    // ...
}

There are two kinds of sessions in WCF: Secure Sessions and Reliable Sessions. The default setting for both wsHttpBinding and netTcpBinding is to use Secure Sessions.
For wsHttpBinding this is accomplished with message-level security by using the client's credentials, which is the default setting for the binding.
For netTcpBinding instead, the session is established at the transport level by using the facilities of the TCP protocol.
This means that simply switching to wsHttpBinding or netTcpBinding will enable support for WCF sessions.
The alternative is to use Reliable Sessions. This has to explicitly be enabled in the binding configuration, and removes the requirement of using message security for the wsHttpBinding. So this will work:

<bindings>
    <wsHttpBinding>
        <binding name="ReliableSessionEnabled">
            <reliableSession enabled="true" ordered="false" />
            <security mode="None" />
        </binding>
    </wsHttpBinding>
</bindings>

8) False, Reliable Sessions are used independently of the security settings of the communication channel.

For a more detailed explanation, have a look at this article.

看轻我的陪伴 2024-07-19 01:13:24

Following through on Enrico's excellent answer, these are the configs I am using:

Service:

<services>
    <service name="Foo.Bar.Service">
        <endpoint name="EndpointHttps"
            address=""
            binding="customBinding" bindingConfiguration="EndpointHttps"
            contract="Foo.Bar.IService" />
    </service>
</services>
<bindings>
    <customBinding>
        <binding name="EndpointHttps">
            <reliableSession />
            <mtomMessageEncoding />
            <httpsTransport />
        </binding>
    </customBinding>
</bindings>

Client:

<client>
    <endpoint name="EndpointHttps"
        address="https://server/FooBar/service.svc"
        binding="customBinding" bindingConfiguration="EndpointHttps"
        contract="Foo.Bar.IService" />
</client>
<bindings>
    <customBinding>
        <binding name="EndpointHttps">
            <reliableSession />
            <mtomMessageEncoding />
            <httpsTransport />
        </binding>
    </customBinding>
</bindings>

Note: still haven't gotten this to work with Windows authentication though.
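
An added configuration example, not part of either answer above: the service-side custom binding from the second answer with Windows authentication requested on the HTTPS transport, so the reliable session runs over an authenticated, encrypted channel. `httpsTransport` defaults to `authenticationScheme="Anonymous"`; that `Negotiate` plus the matching IIS setting fits this deployment is an assumption, and the binding name `SessionOverHttps` is made up for the example.

```xml
<system.serviceModel>
    <services>
        <service name="Foo.Bar.Service">
            <endpoint name="EndpointHttps"
                address=""
                binding="customBinding" bindingConfiguration="SessionOverHttps"
                contract="Foo.Bar.IService" />
        </service>
    </services>
    <bindings>
        <customBinding>
            <!-- "SessionOverHttps" is a hypothetical name chosen for this example. -->
            <binding name="SessionOverHttps">
                <!-- Element order is significant: protocol elements first,
                     then the message encoding, then the transport last. -->

                <!-- Provides the WCF session that SessionMode.Required and
                     InstanceContextMode.PerSession rely on, without
                     message-level security. -->
                <reliableSession ordered="true" />

                <mtomMessageEncoding />

                <!-- TLS protects the channel. authenticationScheme asks the
                     HTTP layer for Windows credentials instead of the default
                     Anonymous. Assumption: the IIS virtual directory has
                     Integrated Windows Authentication enabled and anonymous
                     access disabled, so host and binding agree. -->
                <httpsTransport authenticationScheme="Negotiate" />
            </binding>
        </customBinding>
    </bindings>
</system.serviceModel>
```

The client's `customBinding` needs the same three elements in the same order, with the same `authenticationScheme`. With this in place the caller's identity is expected to be available as shown in the first answer, through `OperationContext.Current.ServiceSecurityContext.WindowsIdentity`.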
