I am trying to design a web service over the internet using WCF. The requirement is that we need to provide both TLS (Transport Layer Security) and MLS (Message Layer Security). For this we are using "ws2007HttpBinding" with the security mode "TransportWithMessageCredential". Here I found that the request is transmitted over SSL, but when using Fiddler (for https) I found that the SOAP body is in plaintext.
For transport-level security I use ClientCredentialType "None", and for message-level security I use "Certificate" as the ClientCredentialType.
I am using .NET Framework 3.5.
For your information, I am using different certificates for SSL and for the server.
My web server configuration is as follows.
<system.serviceModel>
  <services>
    <service behaviorConfiguration="API_WCF.Service1Behavior" name="API_WCF.API">
      <endpoint address="https://localhost/API_WCF/API.svc" name="API" binding="ws2007HttpBinding" bindingConfiguration="customWsHttpBinding" contract="API_WCF.IARDAPI">
        <identity>
          <dns />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <ws2007HttpBinding>
      <binding name="customWsHttpBinding">
        <!-- For http -->
        <!--
        <security mode="Message">
          <message clientCredentialType="Certificate" negotiateServiceCredential="false" establishSecurityContext="false"/>
        </security>
        -->
        <!-- For https -->
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"/>
          <message clientCredentialType="Certificate" negotiateServiceCredential="false" establishSecurityContext="false"/>
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="API_WCF.Service1Behavior">
        <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost/API_WCF/API.svc/API"/>
        <serviceCredentials>
          <serviceCertificate findValue="CN=WSE2QuickStartServer" storeLocation="LocalMachine" x509FindType="FindBySubjectDistinguishedName" storeName="My"/>
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
          </clientCertificate>
        </serviceCredentials>
        <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <diagnostics wmiProviderEnabled="true" performanceCounters="ServiceOnly">
    <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="3000"/>
  </diagnostics>
</system.serviceModel>
Please advise how to implement message-level security together with transport-layer security in WCF over the internet.
Answer 0: (score: 0)
If you need to run Fiddler in HTTPS mode to see your WCF messages, then you are already using TLS!
If the messages are encrypted when you use Fiddler in HTTP mode, it means your messages are secured before they are sent over the wire. See: How to: Use Transport Security and Message Credentials
Using TransportWithMessageCredential means that in an HTTP scenario your service is secured over HTTPS, and you can optionally use additional in-message credentials (MLS).
Answer 1: (score: 0)
If you need SSL and message-level encryption (and not just message-level authentication), you need to use a custom binding. For example (the actual configuration depends on what you want):
<customBinding><binding name="secureCustomBinding"> <!-- binding name is a placeholder; reference it from the endpoint's bindingConfiguration -->
  <textMessageEncoding messageVersion="Soap11" />
  <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
  <httpsTransport />
</binding></customBinding>
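As an added example (not part of the question or either answer): the custom binding from answer 1 built in code rather than config and hosted with the service certificate from the question's config, so the SOAP body is signed and encrypted at the message layer on top of HTTPS. The contract, service class and self-hosting setup are assumed placeholders.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.Text;

// Assumed placeholder contract. EncryptAndSign is WCF's default ProtectionLevel,
// but stating it makes the requirement explicit: a binding with neither transport
// nor message encryption is rejected when the host opens, not silently accepted.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IApi { [OperationContract] string Echo(string text); }
public class ApiService : IApi { public string Echo(string text) { return text; } }

public static class SecureBinding
{
    // Same three elements as answer 1's config fragment, in the same order.
    public static CustomBinding MutualCertificateOverHttps()
    {
        // Message layer: X.509 on both sides; the body is signed with the
        // client certificate and encrypted for the service certificate.
        SecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
        security.IncludeTimestamp = true; // signed timestamp bounds replay of captured messages
        // Transport layer: TLS still protects the whole HTTP exchange.
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement());
    }
}
public static class Program
{
    public static void Main()
    {
        // Self-hosted for brevity; the question hosts API.svc in IIS.
        var host = new ServiceHost(typeof(ApiService), new Uri("https://localhost/API_WCF/API.svc"));
        host.AddServiceEndpoint(typeof(IApi), SecureBinding.MutualCertificateOverHttps(), "");
        // Service certificate from the question's config; client certificates are chain-validated.
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
            StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=WSE2QuickStartServer");
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        host.Open();
        Console.ReadLine(); // keep the host alive until Enter
        host.Close();
    }
}
```

Self-hosting over HTTPS also needs the TLS certificate bound to the port with `netsh http add sslcert`, which the IIS-hosted .svc in the question gets from the IIS site binding instead; with this binding a Fiddler HTTPS capture shows an EncryptedData element where the body used to be.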