如何在 WCF 中保存加密和签名的消息以供审核
我们正在构建一个高度敏感的系统,您可以将其视为银行系统,其中您有一个带有证书的客户端,该客户端调用 WCF 服务将交易发送到服务器。
以银行系统为例,该交易可以是电汇订单或借记卡。因此,为了进行审计以及在客户提起诉讼的情况下,我们需要能够提供最初由客户发送的加密和签名(流),以表明订单源自他们。
我的问题是,我找不到在反序列化和未加密之前拦截流的方法。
或者除了拦截流之外还有其他方法可以保存客户端发送的对象。
谢谢你!
We are building a highly sensitive system, you can think of it as a banking system, where you have a client with a certificate that calls a WCF service to send a transaction to the server.
staying in the example of the banking system, that transaction can be a wire order or a debit. So for audit and in case of litigation by the client we need to be able to provide the originally sent encrypted and signed (stream) by the client to show that the order originated from them.
My problem is, I can't find a way to intercept the stream before it's deserialized and unencrypted.
Or is there another way other than intercepting the stream to be able to save the object as it was sent by the client.
Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
了解WCF 跟踪 - 您可以在传输级别记录两者(通过线路传输的字节 - 将被加密)和在服务级别 - 解密后。
您还可以获得一个很好的服务跟踪查看器工具来检查跟踪信息记录(例如 XML 文件、SQL Server 表等)
Read up about WCF Tracing - you can log both at the transport level (the bytes going over the wire - will be encrypted) and at the service level - after decryption.
You also get a nice Service Trace Viewer Tool to inspect the trace information logged (to e.g. an XML file, SQL Server table etc.)