可以通过 SSL 上的 WCF 使用 Kerberos 令牌配置文件吗?
到处的示例都展示了如何通过 WCF 执行 Kerberos 令牌配置文件 1.1,但它使用消息安全性。事实上,WCF 实现默认是签名+加密。我需要使用 SSL,而不是使用 KTP 进行身份验证和签名,而不是加密。
如果我将模式更改为 TransportWithMessageCredential,它将不再签署请求。任何人都知道这是否可能,并且最好有任何配置?谢谢
The examples everywhere show how to do Kerberos Token Profile 1.1 via WCF, however it uses Message security. In fact, the WCF implementation defaults to sign+encrypt. I have a requirement of using SSL, and instead using KTP for authentication and signing, and NOT encrypting.
If I change the mode to TransportWithMessageCredential, it no longer signs the request. Anyone know if this is possible, and ideally ahve any config? thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
呃。让我把事情变得过于复杂吧!我尝试了无数种设置组合,最终开始尝试一些简单的设置。
首先,这是开箱即用的与 wsHttpBinding 等效的 customBinding:
从那里,我开始构建,下面的配置最终完成了它。我将 ServiceContract 属性指定为仅签名。然后在配置中,“Kerberos”模式负责 Kerberos 令牌配置文件,httpsTransport 负责 SSL!就这样做到了!也许这可能会帮助其他人在未来:
编辑:我最终写了一篇关于详细信息的博客文章,以防任何阅读本文的人需要它们 - http://robertseder.spaces.live.com/blog/cns!587F478B9240C01E!773.entry
Ugg. Leave it to me to over-complicate things! I tried a bajillion combinations of settings, and eventually started widdling down to something simple.
First, here is the customBinding equivalent of wsHttpBinding, out of the box:
From there, I started building up, and the config below ultimately did it. I have the ServiceContract attribute specify to sign-only. Then in config, the "Kerberos" mode takes care of Kerberos Token Profile, and the httpsTransport takes care of SSL! That did it! Maybe this might help someone else in the future:
EDIT: I ended up writing a blog post about the details, in case anyone reading this needs them - http://robertseder.spaces.live.com/blog/cns!587F478B9240C01E!773.entry