使用WCF自托管配置https端点

时间:2012-06-06 17:39:25

标签: wcf https endpoint

我为自托管的WCF服务创建了带安全模式=“TransportWithMessageCredential”的basichttpendpoint。

我的服务器配置有:

enter code here

   <system.serviceModel>    
       <bindings>
    <basicHttpBinding>
     <binding name="BasicHttpBinding_IViewerManager" maxBufferSize="655360000"                  maxReceivedMessageSize="655360000" messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered">
    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
    <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Certificate" />
    </security>

           </binding>
     </basicHttpBinding>
    </bindings>

<services>
    <service behaviorConfiguration="SecureBehavior" name="Lumedx.ApolloLXPACS.ViewerServiceLibrary.ViewerManager">

    <endpoint name="basicHTTP" address="https://localhost:5100/ViewerService" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IViewerManager" contract="Lumedx.ApolloLXPACS.ServiceContracts.IViewerManager"/>
    <host>
     <baseAddresses>
      <add baseAddress="https://localhost:5100/ViewerService"/>
                    </baseAddresses>
                </host>
            </service>
        </services>

        <behaviors>
            <endpointBehaviors>
                <behavior name="HttpsBehavior">
                </behavior>
            </endpointBehaviors>
            <serviceBehaviors>

                <behavior name="SecureBehavior">

                    <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                    <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
                    <serviceCredentials>
                        <serviceCertificate findValue="RootCATest"
                                            storeLocation="LocalMachine"
                                            storeName="My"
                                            x509FindType="FindByIssuerName" />
                    </serviceCredentials>
                </behavior>

            </serviceBehaviors>
        </behaviors>

    </system.serviceModel>
my windows client config has:
<?xml version="1.0"?>
<configuration>

    <appSettings>
        <add key="priorityEndpoint1" value="basicHttpEndpoint"/>

        <add key="maxCommunicationRetries" value="0"/>
    </appSettings>


    <system.serviceModel>


        <bindings>

            <basicHttpBinding>
                <binding name="BasicHttpBinding_IViewerManager" maxBufferSize="655360000" maxReceivedMessageSize="655360000" messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                    <security mode="TransportWithMessageCredential">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>

        <client>
            <endpoint name="basicHttpEndpoint" address="https://10.10.10.100:5100/ViewerService/" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IViewerManager" contract="Lumedx.ApolloLXPACS.ServiceContracts.IViewerManager" behaviorConfiguration="HttpsBehavior"/>
        </client>

        <behaviors>
            <endpointBehaviors>
                <behavior name="HttpsBehavior">
                    <clientCredentials>
                        <clientCertificate findValue="RootCATest"
                                            storeLocation="LocalMachine"
                                            storeName="My"
                                            x509FindType="FindByIssuerName" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
    </system.serviceModel>
<

我已经安装并配置了证书。

我使用https端点将我的Windows客户端与自托管WCF服务连接起来。我使用wireshark捕获了网络流量。我在网络流量中看到的只是服务器和客户端之间的TCP数据包。当我按照TCP流时,消息似乎没有被加密。

我在这里做错了什么?

1 个答案:

答案 0 :(得分:0)

安全模式TransportWithMessageCredential加密传输(SSL)并使邮件正文未加密。

使用您的证书进行加密。

如果您看不到加密数据,则会出现以下情况之一:

  1. 由于某种原因,流量未使用ssl
    2. 加密
  2. Wireshark可以使用它访问您的证书和加密流量。

    3. 这看起来和你做的相似吗? http://trycatch.be/blogs/decaluwet/archive/2009/04/08/decrypting-ssl-traffic-using-wireshark.aspx

    在任何情况下,如果启用了传输级别加密并且您的证书没有受到损害,您应该是安全的。

相关问题
最新问题