Question about WCF security in a client application
What I'm trying to do is set up a call to a service on another server.
So far, I've created the proxy and got the config information.
What I'm having trouble finding is how to set the security. They are using message security and client certificates.
Here is my app.config file, what I have so far. Any information on setting the security up would be helpful. Most of the examples I've come across have to do with setting up a service and securing it on the hosting end.
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="CCaRWebServiceSoap11Binding" closeTimeout="00:01:00"
               openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="01:00:00"
               allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
               maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
               messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
               useDefaultWebProxy="true">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <security mode="None">
          <transport clientCredentialType="None" proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
    <customBinding>
      <binding name="CCaRWebServiceSoap12Binding">
        <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                             messageVersion="Soap12" writeEncoding="utf-8">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        </textMessageEncoding>
        <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                       maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                       bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                       keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                       realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                       useDefaultWebProxy="true" />
      </binding>
    </customBinding>
  </bindings>
  <client>
    <endpoint address="serviceEndpoint1address/"
              binding="basicHttpBinding" bindingConfiguration="CCaRWebServiceSoap11Binding"
              contract="CCaRWebServicePortType" name="CCaRWebServiceHttpSoap11Endpoint" />
    <endpoint address="serviceEndpoint2address/"
              binding="customBinding" bindingConfiguration="CCaRWebServiceSoap12Binding"
              contract="CCaRWebServicePortType" name="CCaRWebServiceHttpSoap12Endpoint" />
  </client>
</system.serviceModel>
I sort of got thrown into this project so WCF is somewhat foreign to me.
Comments (1)
Do you have a service reference in your project? Does your service provide a security description in WSDL? If the answers to both questions are true, you can simply update the service reference and your configuration will be changed to secure mode (if you are lucky).
What does message security actually mean for you? Message security can also mean message encryption and signing. Message security is not supported in Basic Http Binding. For custom binding you can start with the following configuration:
This will set mutual certificate authentication (with asymmetric security) for your service and client. You will need the service certificate and a client certificate with private key (provided by your service provider). You need to import these certificates to the certification store. The account running your client application has to have access to the client certificate's private key (should be automatic if you place the certificate into the user's Personal store).
Then you will set those certificates in the endpoint behavior:
In the endpoint you will reference this behavior:
You can also set these certificates from the code on the proxy instance.
Be aware that this is only one of many settings. I don't say it will work for you "as is". Setting message security with certificates is tricky, especially if you don't have a security description in WSDL or the service is not written in WCF.
You can also check this article on MSDN. It also configures the client.
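The following client configuration is an added example, not the answerer's own snippets, showing the three pieces the answer describes: a custom binding with mutual certificate message security, an endpoint behavior that names the certificates, and the endpoint referencing that behavior. The behavior name, the store choices and the thumbprint placeholders are assumptions; the binding, contract and endpoint names are taken from the question.

```xml
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="CCaRWebServiceSoap12Binding">
        <!-- Element order matters: security, then encoding, then transport. -->
        <security authenticationMode="MutualCertificate" includeTimestamp="true" />
        <textMessageEncoding messageVersion="Soap12" writeEncoding="utf-8" />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <!-- "clientCertificateBehavior" is a hypothetical name chosen for this example. -->
      <behavior name="clientCertificateBehavior">
        <clientCredentials>
          <!-- Client certificate with private key; placeholder thumbprint, store is an assumption. -->
          <clientCertificate findValue="PLACEHOLDER-CLIENT-CERT-THUMBPRINT"
                             x509FindType="FindByThumbprint"
                             storeLocation="CurrentUser" storeName="My" />
          <serviceCertificate>
            <!-- Service (public) certificate used to encrypt requests; placeholder thumbprint. -->
            <defaultCertificate findValue="PLACEHOLDER-SERVICE-CERT-THUMBPRINT"
                                x509FindType="FindByThumbprint"
                                storeLocation="CurrentUser" storeName="TrustedPeople" />
            <!-- Validate the service certificate chain and check revocation. -->
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint address="serviceEndpoint2address/"
              binding="customBinding" bindingConfiguration="CCaRWebServiceSoap12Binding"
              behaviorConfiguration="clientCertificateBehavior"
              contract="CCaRWebServicePortType" name="CCaRWebServiceHttpSoap12Endpoint" />
  </client>
</system.serviceModel>
```

If the service certificate's subject does not match the endpoint host name, WCF's identity check fails until an `<identity>` element naming the expected DNS name or certificate is added to the endpoint. Setting `certificateValidationMode="None"` to get past errors disables validation of the service certificate, so prefer fixing the trust chain or the identity instead.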