WCF 一般故障已加密,其中保护级别仅是符号

发布于 2024-09-15 12:08:37 字数 4666 浏览 10 评论 0原文

如果我的服务端点上出现一般故障,则故障响应会被意外地加密。

出于互操作性原因,我创建了一个具有自定义绑定的端点,该框架使用仅通过soap 1.1 签名的传输安全设置。

    <service behaviorConfiguration="MyProject.WebServices.MyServiceBehavior"
                name="MyProject.WebServices.Protected">
    <endpoint address="" binding="customBinding" bindingConfiguration="mySoap11"
                    contract="MyProject.WebServices.IMyService">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>

   <behavior name="MyProject.WebServices.MyServiceBehavior">
     <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
     <serviceDebug includeExceptionDetailInFaults="true" />
     <serviceCredentials>
      <clientCertificate>
       <authentication revocationMode="NoCheck" trustedStoreLocation="LocalMachine"
                                            certificateValidationMode="PeerOrChainTrust"/>
      </clientCertificate>
      <serviceCertificate findValue="aa bb cc dd ee ..."
                                            storeLocation="LocalMachine"
                                            storeName="My"
                                            x509FindType="FindByThumbprint"/>
     </serviceCredentials>
    </behavior>

   <customBinding>
    <binding name="mySoap11">
     <textMessageEncoding messageVersion="Soap11" />
     <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate"
                        requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="false"
                        messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                        requireSecurityContextCancellation="false" requireSignatureConfirmation="false">
      <localClientSettings detectReplays="false" />
      <localServiceSettings detectReplays="false" />
      <secureConversationBootstrap />
     </security>
     <httpTransport>
      <extendedProtectionPolicy policyEnforcement="Never" />
     </httpTransport>
    </binding>
   </customBinding>

有两个故障合约装饰着操作合约。第一个用于一般故障,第二个是使用企业库的验证故障契约。 服务契约属性和操作契约两个错误被修饰为

 [ValidationBehavior()]
    [ServiceContract(Namespace = "http://namespace", ProtectionLevel=ProtectionLevel.Sign)]
 public interface IMyService
    {

  [OperationContract]
        [FaultContract(typeof(ValidationFault), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        [FaultContract(typeof(MyFaultContract), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        MyTypeOfContractResponse Method(MyTypeOfContractRequest request);

 }

 //The message response contract

 [MessageContract(IsWrapped = false)]
    public class MyTypeOfContractResponse
    {
        [MessageBodyMember]
        public bool Success { get; set; }
    }

 //The message request contract

 [MessageContract(IsWrapped = true, ProtectionLevel=ProtectionLevel.Sign)]
    [HasSelfValidation]
    public class MyTypeOfContractRequest
    {
        [MessageBodyMember(Order = 0)]
        public bool MyValue { get; set; }

  [SelfValidation]
        public void DoValidate(ValidationResults results)
        {
   ...
  }

 }

等等...

如果发出了良好的请求,则响应正文是正常可读的签名且未加密的。如果发生验证错误或引发 WCF 错误契约异常,则响应再次有效、可读且仅带有签名。

 <s:Body u:Id="_1">
 <Success xmlns="http://namespace">true</Success>
</s:Body>

然而,如果是一般错误,它会以 throw new Exception(); 的形式抛出;或出现错误;假设消息契约消息体成员的顺序已更改;然后响应正文被加密,例如

    <s:Body u:Id="_2">
  <e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
   <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <o:Reference URI="#_0"></o:Reference>
    </o:SecurityTokenReference>
   </KeyInfo>
   <e:CipherData>
    <e:CipherValue>+7Zs7rMkF...</e:CipherValue>
   </e:CipherData>
  </e:EncryptedData>
 </s:Body>

您将如何防止未处理的响应被加密?

If a general fault is raised on my service endpoint the fault response is undesirably and unexpectedly encrypted.

I have created an endpoint with a custom binding for interoperability reasons with a java spring framework set up with transport security with signature only over soap 1.1.

    <service behaviorConfiguration="MyProject.WebServices.MyServiceBehavior"
                name="MyProject.WebServices.Protected">
    <endpoint address="" binding="customBinding" bindingConfiguration="mySoap11"
                    contract="MyProject.WebServices.IMyService">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>

   <behavior name="MyProject.WebServices.MyServiceBehavior">
     <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
     <serviceDebug includeExceptionDetailInFaults="true" />
     <serviceCredentials>
      <clientCertificate>
       <authentication revocationMode="NoCheck" trustedStoreLocation="LocalMachine"
                                            certificateValidationMode="PeerOrChainTrust"/>
      </clientCertificate>
      <serviceCertificate findValue="aa bb cc dd ee ..."
                                            storeLocation="LocalMachine"
                                            storeName="My"
                                            x509FindType="FindByThumbprint"/>
     </serviceCredentials>
    </behavior>

   <customBinding>
    <binding name="mySoap11">
     <textMessageEncoding messageVersion="Soap11" />
     <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate"
                        requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="false"
                        messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                        requireSecurityContextCancellation="false" requireSignatureConfirmation="false">
      <localClientSettings detectReplays="false" />
      <localServiceSettings detectReplays="false" />
      <secureConversationBootstrap />
     </security>
     <httpTransport>
      <extendedProtectionPolicy policyEnforcement="Never" />
     </httpTransport>
    </binding>
   </customBinding>

There are two fault contracts decorating the operation contracts. The first for general faults and the second is using the enterprise library's validation fault contract.
The service contract attribute and the operation contratcs two faults are decorated as

 [ValidationBehavior()]
    [ServiceContract(Namespace = "http://namespace", ProtectionLevel=ProtectionLevel.Sign)]
 public interface IMyService
    {

  [OperationContract]
        [FaultContract(typeof(ValidationFault), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        [FaultContract(typeof(MyFaultContract), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        MyTypeOfContractResponse Method(MyTypeOfContractRequest request);

 }

 //The message response contract

 [MessageContract(IsWrapped = false)]
    public class MyTypeOfContractResponse
    {
        [MessageBodyMember]
        public bool Success { get; set; }
    }

 //The message request contract

 [MessageContract(IsWrapped = true, ProtectionLevel=ProtectionLevel.Sign)]
    [HasSelfValidation]
    public class MyTypeOfContractRequest
    {
        [MessageBodyMember(Order = 0)]
        public bool MyValue { get; set; }

  [SelfValidation]
        public void DoValidate(ValidationResults results)
        {
   ...
  }

 }

and so forth...

If a good request is made the response body is normal readable signed and unencrypted. If a validation fault occurs or a WCF fault contract exception is thrown then the response is again valid, readable and with a signature only.

 <s:Body u:Id="_1">
 <Success xmlns="http://namespace">true</Success>
</s:Body>

If however a general fault it thrown in the form of throw new Exception(); or an error is raised; by let's say the order of the message contracts message body members was changed; then the response body is encrypted such as

    <s:Body u:Id="_2">
  <e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
   <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <o:Reference URI="#_0"></o:Reference>
    </o:SecurityTokenReference>
   </KeyInfo>
   <e:CipherData>
    <e:CipherValue>+7Zs7rMkF...</e:CipherValue>
   </e:CipherData>
  </e:EncryptedData>
 </s:Body>

How would you go about preventing the unhandled responses from being encrypted?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文