WSHttpBinding 绑定、客户端身份验证
我是 wcf 和使用 wshttpbinding 的新手,但我想从服务客户端中删除用户名和密码(我必须通过), 我的客户端代码是
RServiceClient serviceClient = new RServiceClient();
serviceClient.ClientCredentials.Windows.ClientCredential.UserName = "UserName";
serviceClient.ClientCredentials.Windows.ClientCredential.Password = "Password";
我不想传递此用户名和密码。
我的客户端 app.config 是:
<binding name="WSHttpBinding_IRService"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
rite now 服务托管在 web 中。 service.config 或客户端应用程序 .config 是否有任何更改。 在谷歌搜索后我的薄弱知识是,改变应该是客户端,但我无法做到这一点。 :-(
注意:我的合同也需要会话。 提前致谢。
i am new to wcf and using wshttpbinding ,but i want to remove the user name and password form the service client (which i have to pass),
my client code is
RServiceClient serviceClient = new RServiceClient();
serviceClient.ClientCredentials.Windows.ClientCredential.UserName = "UserName";
serviceClient.ClientCredentials.Windows.ClientCredential.Password = "Password";
i dont want to pass this username and password.
my client app.config is:
<binding name="WSHttpBinding_IRService"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
rite now service is hosted in a web.
is there any change in service.config or client side app .config.
in my weak knowledge after googleing is that change should be the client side but i m unable to do that. :-(
note: my contract requires sessions too.
thanx in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要在服务器端更改 web.config,您的客户端 web.config 将在刷新 Web 引用后自动更新。
如果您不想使用登录名/密码,我可以建议您设置相互证书身份验证。
这种方法是安全的,并且可以与其他 WS 堆栈(例如 Java CXF,...)互操作
对于相互认证身份验证:
您将需要一个 X.509 证书来允许客户端确定服务器确实是假冒的服务器,并在客户端需要另一个 X.509 证书。
这是 web.config 的示例,更多信息请访问 MSDN :
You need to change the web.config at the server side, your client web.config will be automatically updated after a refresh on the web reference.
If you do not want to use login/password, i can advice you to set up a mutual certificate authentication.
This approach is secure and interoperable with other WS stacks (eq. Java CXF, ...)
For Mutual Certification Authentication :
You will need a X.509 certificate to allow the client to be sure that the server is really who is pretend to be and an other X.509 certificate at the client-side.
Here an example of web.config, more informations at MSDN :