Is WCF / basicHttp with message security interoperable with Java clients?

Time: 2014-04-28 03:14:50

Tags: wcf x509

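The basicHttp binding works well for Java clients with no problems. If I turn on message security, will that cause trouble for Java clients?

Since basicHttp is SOAP 1.1, if message security is enabled, will it use WS-Security to support certificate-based authentication?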

1 answer:

Answer 0: (score: 1)

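If you want to use certificate-based authentication with SOAP 1.1, it is better to use a custom binding (also considering interoperability with Java-based clients or Oracle services). The AuthenticationMode will change depending on your needs.

For example, the following binding shows mutual certificate authentication for the server side and the client + transport security (https).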

  <customBinding>
    <binding name="customSSLMutualCertificate" sendTimeout="00:05:00" receiveTimeout="00:05:00">
      <customTextMessageEncoding messageVersion="Soap11"/>
      <security defaultAlgorithmSuite="Basic256Rsa15" authenticationMode="MutualCertificate"
          requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="false"
          keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncrypt"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
          requireSignatureConfirmation="false" enableUnsecuredResponse="true">
        <localClientSettings cacheCookies="true" detectReplays="false"
            replayCacheSize="900000" maxClockSkew="00:05:00"
            maxCookieCachingTime="Infinite"
            replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
            sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
            timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
        <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
            maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
            negotiationTimeout="00:01:00" replayWindow="00:05:00"
            inactivityTimeout="00:02:00"
            sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
            reconnectTransportOnFailure="true" maxPendingSessions="128"
            maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        <secureConversationBootstrap />
      </security>
      <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                   maxReceivedMessageSize="65536" allowCookies="false"
                   authenticationScheme="Anonymous"
                   bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                   keepAliveEnabled="true" maxBufferSize="65536"
                   proxyAuthenticationScheme="Anonymous"
                   realm="" transferMode="Buffered"
                   unsafeConnectionNtlmAuthentication="false"
                   useDefaultWebProxy="true"  requireClientCertificate="false"/>
    </binding>
  </customBinding>

See also "Does WCF support WS-Security with SOAP 1.1?" for other options.
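
An added example, not part of the original answer: a small Python check that parses a WCF `customBinding` such as the one above and lists the message-security settings a reviewer would want to confirm are intentional before deploying it. The function name `audit_bindings`, the `CHECKS` table and the trimmed sample config are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the security-relevant attributes of the binding in the answer.
SAMPLE = """
<customBinding>
  <binding name="customSSLMutualCertificate">
    <security defaultAlgorithmSuite="Basic256Rsa15" authenticationMode="MutualCertificate"
              includeTimestamp="false" enableUnsecuredResponse="true">
      <localClientSettings detectReplays="false" />
      <localServiceSettings detectReplays="true" />
    </security>
    <httpsTransport requireClientCertificate="false" />
  </binding>
</customBinding>
"""

# (path under <binding>, attribute, regex for the flagged value, note for the reviewer)
CHECKS = [
    ("security", "defaultAlgorithmSuite", r".*Rsa15",
     "RSA PKCS#1 v1.5 key wrap is used instead of RSA-OAEP"),
    ("security", "includeTimestamp", r"false",
     "no timestamp in the security header, so message age is not checked"),
    ("security", "enableUnsecuredResponse", r"true",
     "unsecured responses to secured requests are accepted"),
    ("security/localClientSettings", "detectReplays", r"false",
     "client does not detect replayed responses"),
    ("security/localServiceSettings", "detectReplays", r"false",
     "service does not detect replayed requests"),
    ("httpsTransport", "requireClientCertificate", r"false",
     "no client certificate at the TLS layer; only the message signature authenticates"),
]

def audit_bindings(config_xml):
    """Return (binding, 'path@attr=value', note) per flagged setting; absent attributes are skipped."""
    root = ET.fromstring(config_xml)
    findings = []
    for binding in root.iter("binding"):
        name = binding.get("name", "(unnamed)")
        for path, attr, pattern, note in CHECKS:
            for elem in binding.findall(path):
                value = elem.get(attr)
                if value is not None and re.fullmatch(pattern, value.strip(), re.I):
                    findings.append((name, f"{path}@{attr}={value}", note))
    return findings

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(*finding, sep=" | ")
```

Attributes that are missing from the config are not reported, because the check does not evaluate WCF's defaults.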