我在selfhost中托管了一个WCF服务,并通过TCP与winform客户端进行通信。这是设置证书(Intranet传输)的正确方法吗?我怎么知道通信是加密的?
SERVICE
<!-- Service-side behavior for the self-hosted net.tcp service; the <service> element below references it through behaviorConfiguration. -->
<behavior name="MyAppClientService.Certificate_Behavior">
  <!-- Object-graph limit raised to Int32.MaxValue: the default deserialization bound is removed, so message size is limited only by the binding quotas. -->
  <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
  <!-- NOTE(review): exception details (including stack traces) are returned to callers inside faults. Useful while debugging; set to false outside development so internals are not disclosed to clients. -->
  <serviceDebug includeExceptionDetailInFaults="true"/>
  <!-- Publishes WSDL over HTTP GET on the http base address; no MEX endpoint is configured on this service. -->
  <serviceMetadata httpGetEnabled="true"/>
  <!-- Custom behavior extension; its behaviorExtensions registration is not shown in this fragment. -->
  <customBehaviorExtension_ClientService/>
  <!-- Throttling is effectively lifted (sessions unbounded, 2000 calls/instances). Presumably intentional for an intranet, but it removes a resource-exhaustion safeguard; confirm. -->
  <serviceThrottling maxConcurrentCalls="2000" maxConcurrentSessions="2147483647" maxConcurrentInstances="2000"/>
  <serviceCredentials>
    <!-- PeerTrust: a client certificate is accepted when it is present in the TrustedPeople store; no chain building to a CA is performed. -->
    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust"/>
    </clientCredentials>
    <!-- Custom username/password validator. The net.tcp binding in this configuration uses clientCredentialType="Certificate", so this validator does not appear to be exercised by that endpoint; verify it is needed. -->
    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyApp.ServiceImplementation.CustomUsernamePasswordValidator, MyApp.ServiceImplementation"/>
    <!-- The service's own certificate, located by subject name "MyAppServer"; the client's <identity><dns> value must match this subject. It must carry an accessible private key. NOTE(review): it is loaded from TrustedPeople/CurrentUser rather than the Personal (My) store; confirm the private key is present there and readable by the hosting account. -->
    <serviceCertificate findValue="MyAppServer"
                        storeLocation="CurrentUser"
                        storeName="TrustedPeople"
                        x509FindType="FindBySubjectName" />
  </serviceCredentials>
  <!-- Custom authorization manager and policy run after authentication; the referenced types are not shown in this fragment. -->
  <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="MyApp.ServiceImplementation.CustomServiceAuthorizationManager, MyApp.ServiceImplementation">
    <authorizationPolicies>
      <add policyType="MyApp.ServiceImplementation.CustomAuthorizationPolicy_ClientService, MyApp.ServiceImplementation"/>
    </authorizationPolicies>
  </serviceAuthorization>
</behavior>
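<!-- Service host definition. Fix: the pasted fragment never closed <services>, which left the following <bindings> element nested inside it; the closing tag is added after </service>. -->
<services>
  <service behaviorConfiguration="MyAppClientService.Certificate_Behavior" name="MyApp.ServiceImplementation.MyAppClientService">
    <!-- Relative address "Sll" resolves against the net.tcp base address below, i.e. net.tcp://localhost:8035/MyApp5Service/Client/Sll, which is the address the client uses. The endpoint behavior "protoEndpointBehavior" is not defined in this fragment. -->
    <endpoint binding="netTcpBinding" bindingConfiguration="netTcpCertificate" behaviorConfiguration="protoEndpointBehavior" bindingNamespace="http://MyApp.ServiceContracts/2007/11" contract="MyApp.ServiceContracts.IMyAppClientService" address="Sll"/>
    <!-- No need for MEX for this service -->
    <!--<endpoint address="httpMex" binding="mexHttpBinding" contract="IMetadataExchange"/>-->
    <!--<endpoint address="tcpMex" binding="mexTcpBinding" contract="IMetadataExchange"/>-->
    <host>
      <baseAddresses>
        <add baseAddress="net.tcp://localhost:8035/MyApp5Service/Client/"/>
        <!-- The http base address only serves the httpGetEnabled metadata page; no application endpoint is bound to it. -->
        <add baseAddress="http://localhost:8002/MyApp5Service/Client"/>
      </baseAddresses>
    </host>
  </service>
</services>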
<!-- Service-side binding. Must be kept identical to the client's "netTcpCertificate" binding, otherwise the channel will not open. -->
<bindings>
  <netTcpBinding>
    <!-- NOTE(review): receiveTimeout="infinite" means idle sessions are never torn down by the service, and every size quota is Int32.MaxValue; a single peer can hold memory and connections open indefinitely. Consider finite values. -->
    <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
      <!-- All XML reader quotas lifted to Int32.MaxValue; the default bounds against deeply nested or oversized payloads no longer apply. -->
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
      <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
      <!-- Transport security on net.tcp wraps the TCP stream in TLS using the serviceCertificate, and clientCredentialType="Certificate" requires the client to present its own certificate (mutual authentication). This is what provides encryption on the wire; a packet capture of port 8035 should show a TLS handshake instead of readable framing. -->
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
        <!-- The <message> element only applies to Message or TransportWithMessageCredential modes; with mode="Transport" it has no effect and could be removed. -->
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>
客户端
<!-- Client-side endpoint behavior; referenced from the <client><endpoint> via behaviorConfiguration. -->
<behaviors>
  <endpointBehaviors>
    <behavior name="protoCertificateEndpointBehavior">
      <clientCredentials>
        <!-- The client's own certificate (subject "MyAppClient"), presented to the service during the TLS handshake. It needs an accessible private key; NOTE(review): it is read from TrustedPeople rather than the Personal (My) store, confirm the private key is there. -->
        <clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>
        <!-- The service certificate is accepted only if it is present in the client's TrustedPeople store (PeerTrust); no CA chain validation. -->
        <serviceCertificate>
          <authentication certificateValidationMode="PeerTrust"/>
        </serviceCertificate>
      </clientCredentials>
      <!-- Custom extensions (message inspector and protobuf serializer); their behaviorExtensions registration is not shown in this fragment. -->
      <CustomMessageInspector/>
      <protobuf/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<!-- Client endpoint matching the service's net.tcp endpoint (base address plus relative address "Sll"). -->
<client>
  <endpoint address="net.tcp://localhost:8035/MyApp5Service/Client/Sll" behaviorConfiguration="protoCertificateEndpointBehavior" binding="netTcpBinding" bindingConfiguration="netTcpCertificate" contract="MyApp.ServiceContracts.IMyAppClientService" name="SelfHostProtoCert_RegularLogin">
    <!-- Expected service identity: must equal the subject name of the service certificate ("MyAppServer"), otherwise the client rejects the TLS peer. -->
    <identity>
      <dns value="MyAppServer" />
    </identity>
  </endpoint>
</client>
<!-- Client-side binding; a copy of the service's "netTcpCertificate" binding and must stay in sync with it. -->
<bindings>
  <netTcpBinding>
    <!-- http://msdn.microsoft.com/en-us/library/ff648863.aspx -->
    <!-- Quotas and timeouts mirror the service; receiveTimeout="infinite" and Int32.MaxValue sizes apply here as well. -->
    <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
      <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
      <!-- Transport mode: TLS over TCP with client certificate authentication; the service certificate is validated per the endpoint behavior (PeerTrust) and the <identity><dns> value. -->
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
        <!-- Ignored in Transport mode; only meaningful for Message or TransportWithMessageCredential. -->
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </netTcpBinding>
</bindings>
答案 0 :(得分:0)
乍一看配置看起来不错。但这里我看到的另一个问题是：如何确认流量确实被加密了。我想你可以尝试用 Network Monitor 捕获 TCP 流量，它带有一些解密 SSL 流量的工具。