如何加密但不保护 WCF 消息？

发布于 2024-12-01 12:06:15 字数 533 浏览 0 评论 0原文

我创建了一个应用程序，让机器通过网络相互通信。我想使用 NetTCPBinding 并加密消息。但是我不想要或不需要证书或 Windows 身份验证。我尝试将安全模式设置为“消息”以获取加密并将传输安全设置为“无”以避免证书/Windows 身份验证，但我仍然得到：

System.ServiceModel.Security.SecurityNegotiationException：调用者未经过服务验证。 ---> System.ServiceModel.FaultException：安全令牌的请求由于身份验证失败，无法满足。

这是相关代码：

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

原文

I've created an app that has machines talking to each other across the net. I'd like to use NetTCPBinding and encrypt the messages. However I don't want or need certificates or windows authentication. I try to set the security mode to Message to get encryption and transport security to none to avoid the certificates/windows authentication but still I get:

System.ServiceModel.Security.SecurityNegotiationException: The caller
was not authenticated by the service. --->
System.ServiceModel.FaultException: The request for security token
could not be satisfied because authentication failed.

Here's the relevant code:

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

骷髅 2024-12-08 12:06:15

这个问题的答案有效： selfhosting wcf 服务器 - 从文件而不是证书存储加载证书

我的代码：

var certificate = new X509Certificate2("cert.pfx", "");

host = new ServiceHost(MessageProvider, address);
host.Credentials.ServiceCertificate.Certificate = certificate;
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
host.AddServiceEndpoint(typeof(IService), binding, address);
host.Open();

An answer from this question works: selfhosting wcf server - load certificate from file instead of certificate store

My code:

var certificate = new X509Certificate2("cert.pfx", "");

host = new ServiceHost(MessageProvider, address);
host.Credentials.ServiceCertificate.Certificate = certificate;
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
host.AddServiceEndpoint(typeof(IService), binding, address);
host.Open();

回复收藏 0 原文

演多会厌 2024-12-08 12:06:15

我认为这就是您正在寻找的内容：匿名客户端的消息安全性。我想您的情况的问题是您的服务没有在服务器端指定证书：

初始协商需要服务器身份验证，但不需要客户端身份验证

因此在实例化服务时尝试执行类似的操作（来自 MSDN）：

myServiceHost.Credentials.ServiceCertificate.SetCertificate(
     StoreLocation.LocalMachine,
     StoreName.My,
     X509FindType.FindByThumbprint,
     "00000000000000000000000000000000");

I think this is what you are looking for: Message Security with an Anonymous Client. I suppose the problem in your case is that your service is not specifying a certificate on server-side:

Initial negotiation requires server authentication, but not client authentication

So when instantiating the service try to do something like (from MSDN):

myServiceHost.Credentials.ServiceCertificate.SetCertificate(
     StoreLocation.LocalMachine,
     StoreName.My,
     X509FindType.FindByThumbprint,
     "00000000000000000000000000000000");

回复收藏 0 原文

~没有更多了~