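WCF message is encrypted when Sign is specified (net.msmq)
I'm using WCF to send a message via MSMQ (net.msmq protocol). All is going well: the BizTalk server receives the message and processes it. However, when I looked into the SVCLOG, I see the message is encrypted when I specifically set MsmqProtectionLevel to Sign.
Has anyone else seen this behaviour? Is it possible to stop the encryption? Some of my messages are over 1MB and encryption makes things real slow.
Thanks in advance!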
ChannelFactory<OnRampEntry> Factory
{
    get
    {
        // Lazily create the factory once (double-checked locking).
        if (factory == null)
        {
            lock (this)
            {
                if (factory == null)
                {
                    var uri = ResolveQueueName(new Uri(Url));
                    var identity = EndpointIdentity.CreateDnsIdentity(BizTalkIdentity);
                    // NetMsmqSecurityMode.Both enables transport security and message security.
                    var binding = new NetMsmqBinding(NetMsmqSecurityMode.Both)
                    {
                        DeadLetterQueue = DeadLetterQueue.System,
                        ExactlyOnce = true
                    };
                    // Message-level settings.
                    binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
                    // Transport-level (MSMQ) settings.
                    binding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
                    binding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.WindowsDomain;
                    binding.Security.Transport.MsmqSecureHashAlgorithm = MsmqSecureHashAlgorithm.Sha1;
                    factory = new ChannelFactory<OnRampEntry>(binding, new EndpointAddress(uri, identity, (AddressHeaderCollection) null));
                    factory.Endpoint.Behaviors.Add(new LogonCertificateBehavior());
                    factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, BizTalkIdentity);
                    factory.Open();
                }
            }
        }
        return factory;
    }
}

/// <summary>
/// MSMQ does not allow a DNS alias to be used in a queue name, e.g. "net.msmq://alias/private$/queue".
/// <b>ResolveQueueName</b> will translate an alias to its actual machine name.
/// </summary>
/// <param name="uri"></param>
/// <returns></returns>
Uri ResolveQueueName(Uri uri)
{
    var hostName = uri.DnsSafeHost;
    try
    {
        var hostEntry = Dns.GetHostEntry(hostName);
        var resolved = new Uri(uri.ToString().Replace(hostName, hostEntry.HostName));
        if (log.IsDebugEnabled)
            log.Debug(string.Format("Resolved '{0}' to '{1}'.", uri, resolved));
        return resolved;
    }
    catch (SocketException e)
    {
        // An unknown host is not fatal: fall back to the original URI.
        if (e.SocketErrorCode == SocketError.HostNotFound)
            return uri;
        // Rethrow without resetting the stack trace.
        throw;
    }
}
Comments (1)
The reason why the message is encrypted is the use of the NetMsmqSecurityMode.Both - both transport and message security.
At the transport level, the configuration above uses
Looking in WCF logs it will not be possible to see what is set at the transport level, as message level encryption is in place.
Unfortunately this does not answer the question of how to sign the message (with an X.509 certificate) without using the certificate to encrypt the body of the message.
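A way to check which security layers a given NetMsmqSecurityMode puts in the channel stack, as an added example that is not part of the original question or answer. It builds the question's binding with Both and with Transport and reports whether a message-security binding element (the layer the answer identifies as the source of the encryption) is present. The class and method names are hypothetical, and it does not cover signing with an X.509 certificate, which the answer leaves open.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical helper class; requires a reference to System.ServiceModel (.NET Framework).
static class MsmqSecurityModeCheck
{
    // Same transport settings as in the question; only the security mode varies.
    static NetMsmqBinding Build(NetMsmqSecurityMode mode)
    {
        var binding = new NetMsmqBinding(mode)
        {
            DeadLetterQueue = DeadLetterQueue.System,
            ExactlyOnce = true
        };
        binding.Security.Transport.MsmqProtectionLevel = ProtectionLevel.Sign;
        binding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.WindowsDomain;
        binding.Security.Transport.MsmqSecureHashAlgorithm = MsmqSecureHashAlgorithm.Sha1;
        // The message credential only matters when message security is enabled.
        if (mode != NetMsmqSecurityMode.Transport)
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }

    // True when the binding's channel stack contains a message-security element.
    // MsmqProtectionLevel applies to the MSMQ transport only and does not
    // configure this layer.
    static bool HasMessageSecurityLayer(Binding binding)
    {
        return binding.CreateBindingElements().Find<SecurityBindingElement>() != null;
    }

    static void Report(NetMsmqBinding binding)
    {
        Console.WriteLine("Mode={0}, MsmqProtectionLevel={1}, message-security layer present={2}",
            binding.Security.Mode,
            binding.Security.Transport.MsmqProtectionLevel,
            HasMessageSecurityLayer(binding));
    }

    static void Main()
    {
        Report(Build(NetMsmqSecurityMode.Both));      // configuration from the question
        Report(Build(NetMsmqSecurityMode.Transport)); // MSMQ-level signing only
    }
}
```

With Transport mode the message body is not protected by WCF message security, so its confidentiality in the queue rests on whatever the MSMQ transport and host provide.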