我在尝试将WCF-Routing引入包含两个启用了邮件安全性的目标服务端点的项目时遇到问题。 (仅签名 - 无加密) 我设置了两个简单的基于操作的过滤器,它们指向一个服务或另一个服务。
从我的客户端调用RoutingService会在跟踪日志中显示以下错误消息:
The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part was not encrypted.
我在服务界面上设置了ProtectionLevel.Sign,所以我很难理解为什么这是一个问题。
[ServiceContract(Namespace = "http://helloservice.adam.com/services/v1.0", ProtectionLevel = ProtectionLevel.Sign)]
public interface IHelloAService
{
[OperationContract(Action = "http://helloservice.adam.com/services/v1.0/helloa", ProtectionLevel = ProtectionLevel.Sign)]
string SayHello(string name);
}
任何人都可以提供的帮助将非常感激。
服务
<services>
<service name="System.ServiceModel.Routing.RoutingService" behaviorConfiguration="RoutingSecureBehavior" >
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="System.ServiceModel.Routing.ISimplexDatagramRouter"
name="RoutingServiceEndpoint" />
</service>
<service name="WCF.Services.HelloAService" behaviorConfiguration="SecureServiceBehavior">
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="WCF.Services.IHelloAService" />
</service>
<service name="WCF.Services.HelloBService" behaviorConfiguration="SecureServiceBehavior">
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="WCF.Services.IHelloBService" />
</service>
</services>
绑定
<customBinding>
<binding name="HTTPSCustomBinding">
<textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8" />
<security allowSerializedSigningTokenOnReply="true"
authenticationMode="MutualCertificateDuplex"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
messageProtectionOrder="SignBeforeEncrypt" />
<httpsTransport/>
</binding>
</customBinding>
服务行为
<serviceBehaviors>
<behavior name="SecureServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />
</clientCertificate>
<serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />
</behavior>
<behavior name="RoutingSecureBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />
</clientCertificate>
<serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />
<routing filterTableName="MyFilterTable" routeOnHeadersOnly="True" />
</behavior>
</serviceBehaviors>
过滤器的
<routing>
<filters>
<filter name="HelloAAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/helloa" />
<filter name="HelloBAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/hellob" />
</filters>
<filterTables>
<filterTable name="MyFilterTable">
<add filterName="HelloAAction" endpointName="HelloA" priority="100" />
<add filterName="HelloBAction" endpointName="HelloB" priority="100" />
</filterTable>
</filterTables>
</routing>
服务端客户端
<client>
<endpoint name="HelloA" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />
<endpoint name="HelloB" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />
</client>
端点行为
<endpointBehaviors>
<behavior name="Internal_SecureClientBehavior">
<clientCredentials>
<clientCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />
<defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
客户端客户端
<client>
<endpoint name="ServiceProxy"
address="https://services.adam.com/ServiceProxy.svc"
binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
behaviorConfiguration="SecureClientBehavior"
contract="WCF.Services.IHelloAService">
<identity>
<dns value="service.adam.com" />
</identity>
</endpoint>
</client>
绑定
<customBinding>
<binding name="HTTPSCustomBinding">
<textMessageEncoding messageVersion="Default" writeEncoding="utf-8" />
<security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"
maxPendingAccepts="1" />
</binding>
</customBinding>
行为
<endpointBehaviors>
<behavior name="SecureClientBehavior">
<clientCredentials>
<clientCertificate findValue="client.adam.com" x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />
<defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>