WCF BasicHttpBinding + username/password validator + x.509
I set up a WCF service for a client using wsHttpBinding with custom username validation, x.509, but NO SSL.
They are using PHP and are completely unable to get past the WS security, so our solution must be to add another basichttpbinding. But when I do this, it seems like it is requiring SSL. My requirement is absolutely to NOT use SSL.
My wshttpbinding that works looks like this:
<wsHttpBinding>
  <binding name="WSHttpBinding_ISearchService" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
    <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
    <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
    <!-- Message-level security with a username/password client credential -->
    <security mode="Message">
      <message clientCredentialType="UserName" />
    </security>
  </binding>
</wsHttpBinding>

<serviceBehaviors>
  <behavior name="My.Services.SearchServiceBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <dataContractSerializer maxItemsInObjectGraph="2147483647" />
    <serviceCredentials>
      <!-- X.509 service certificate used to protect the messages -->
      <serviceCertificate findValue="01000000000xxxxxxxxx" storeLocation="LocalMachine"
                          storeName="My" x509FindType="FindBySerialNumber" />
      <!-- Custom validator for the username/password credential -->
      <userNameAuthentication userNamePasswordValidationMode="Custom"
                              customUserNamePasswordValidatorType="My.Services.UserNamePassValidator, SearchService" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
Is this same exact configuration possible using basichttpbinding without SSL?
Comments (1)
BasicHttpBinding requires that BasicHttpBinding.Security.Message.ClientCredentialType be equivalent to the BasicHttpMessageCredentialType.Certificate credential type for security mode "Message". So, first thing, you cannot use clientCredentialType="UserName".
You need to have a client certificate to encrypt the message and transfer. WCF SDK samples implement one such scenario, check here
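
A configuration matching what the answer describes, added here as an example; it is not taken from the original post or from the WCF SDK sample the answer mentions. The binding name is hypothetical, the certificate lookup values are copied from the question, and the `clientCertificate` validation settings are an assumption about how callers' certificates would be checked.

```xml
<!-- Added example: basicHttpBinding with message-level security over plain HTTP -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Binding name is hypothetical -->
      <binding name="BasicHttpBinding_ISearchService">
        <!-- Message mode: the SOAP message is signed and encrypted with
             X.509 certificates, so the endpoint address stays http:// -->
        <security mode="Message">
          <!-- With mode="Message", basicHttpBinding accepts only Certificate;
               clientCredentialType="UserName" is rejected by WCF -->
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="My.Services.SearchServiceBehavior">
        <serviceCredentials>
          <!-- Same service certificate lookup as in the question -->
          <serviceCertificate findValue="01000000000xxxxxxxxx" storeLocation="LocalMachine"
                              storeName="My" x509FindType="FindBySerialNumber" />
          <!-- Callers authenticate with a certificate, so the custom username
               validator is not consulted on this binding. Assumed settings:
               require a chain to a trusted root and check revocation. -->
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```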