
WCF basicHttpBinding: Transport Security Mode, clientCredentialType="None"

Popularity: 305   Published: 2016-04-29 05:22:50.0

Original article: http://www.cnblogs.com/jfzhu/p/4071342.html

Please credit the source when reposting.

 

The previous article, "WCF basicHttpBinding: Message Security Mode", showed how to use basicHttpBinding with Message Security Mode, with clientCredentialType set to certificate.

This article demonstrates basicHttpBinding with Transport Security Mode and clientCredentialType="None".

 

 

(1) WCF service code and configuration file

IDemoService.cs

using System.ServiceModel;

namespace WCFDemo
{
    [ServiceContract(Name = "IDemoService")]
    public interface IDemoService
    {
        // Divide may return a typed DivideByZeroFault to the caller as a SOAP fault.
        [OperationContract]
        [FaultContract(typeof(DivideByZeroFault))]
        int Divide(int numerator, int denominator);
    }
}

 

DemoService.cs

using System;
using System.ServiceModel;
using System.ServiceModel.Activation;

namespace WCFDemo
{
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
    public class DemoService : IDemoService
    {
        public int Divide(int numerator, int denominator)
        {
            try
            {
                return numerator / denominator;
            }
            catch (DivideByZeroException ex)
            {
                // Translate the exception into the typed fault declared in the contract.
                DivideByZeroFault fault = new DivideByZeroFault();
                fault.Error = ex.Message;
                fault.Detail = "Denominator cannot be ZERO!";
                throw new FaultException<DivideByZeroFault>(fault);
            }
        }
    }
}

 

The complete code can also be found in "Creating a WCF Service and Throwing Strongly Typed SOAP Faults".

 

server web.config

<?xml version="1.0"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
    </system.web>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="basicBinding">
                    <!-- Transport mode: the channel is HTTPS. clientCredentialType="None" means
                         the client presents no transport-level credential (anonymous caller). -->
                    <security mode="Transport">
                        <transport clientCredentialType="None" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <services>
            <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior">
                <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="CustomBehavior">
                    <serviceMetadata httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="false" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
</configuration>

 

(2) Add an https binding for the WCF Service application.

For the detailed steps, see "Step by Step: Configuring an ASP.NET Web Application to Use HTTPS".

After configuring the https binding, double-click SSL Settings.

Check Require SSL and click Apply.

 

 

The HTTP binding is still required; otherwise the following error occurs:

image

 

 


 

 

(3) Install the SSL root certificate on the client

Because the https certificate uses

image

the WCF Service URL we use is https://win-ounm08eqe64.henry.huang/DemoService.svc

 

On the client, add a record to C:\Windows\System32\Drivers\etc\hosts

image

 

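Then install the root certificate.

Double-click the root certificate file to open the certificate properties dialog. At this point the root certificate is not trusted, so we need to add it to "Trusted Root Certification Authorities". Click Install Certificate.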

 

(4) Client code and configuration file

In Visual Studio on the client, add a Service Reference.

 

private void buttonCalculate_Click(object sender, EventArgs e)
{
    try
    {
        textBoxResult.Text = demoServiceClient.Divide(
            Convert.ToInt32(textBoxNumerator.Text),
            Convert.ToInt32(textBoxDenominator.Text)).ToString();
    }
    catch (FaultException<DemoServiceReference.DivideByZeroFault> fault)
    {
        // Show the typed fault returned by the service.
        MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail);
    }
}

 

client app.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpBinding_IDemoService">
                    <security mode="Transport" />
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService"
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDemoService"
                contract="DemoServiceReference.IDemoService" name="BasicHttpBinding_IDemoService" />
        </client>
    </system.serviceModel>
</configuration>
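A check one could run over configs like the web.config and app.config above (an added example, not code from the original article): it reports each basicHttpBinding's effective security mode and client credential type, applying the defaults when the attributes are omitted, as they are in the client binding. The sample config is constructed, and the function names and the plainBinding entry are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two bindings from this page plus a default binding for contrast.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="basicBinding">
      <security mode="Transport"><transport clientCredentialType="None" /></security>
    </binding>
    <binding name="BasicHttpBinding_IDemoService"><security mode="Transport" /></binding>
    <binding name="plainBinding" />
  </basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="CustomBehavior">
    <serviceDebug includeExceptionDetailInFaults="false" />
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def audit_basic_http_bindings(config_xml):
    """Map each basicHttpBinding name to (mode, clientCredentialType, note)."""
    report = {}
    for binding in ET.fromstring(config_xml).iterfind(".//basicHttpBinding/binding"):
        security = binding.find("security")
        transport = security.find("transport") if security is not None else None
        # Omitted attributes fall back to the basicHttpBinding defaults, both "None".
        mode = security.get("mode", "None") if security is not None else "None"
        cred = transport.get("clientCredentialType", "None") if transport is not None else "None"
        if mode == "None":
            note = "plain HTTP: no encryption, no authentication"
        elif mode == "TransportCredentialOnly":
            note = "credentials (type %s) sent over unencrypted HTTP" % cred
        elif mode == "Transport" and cred == "None":
            note = "HTTPS protects the channel; callers are anonymous"
        elif mode == "Transport":
            note = "HTTPS with client credential type %s" % cred
        else:
            note = "message-level credentials in use; review the <message> element"
        report[binding.get("name", "")] = (mode, cred, note)
    return report

def behaviors_leaking_exception_detail(config_xml):
    """Names of service behaviors that return exception details in SOAP faults."""
    root = ET.fromstring(config_xml)
    return [b.get("name", "") for b in root.iterfind(".//serviceBehaviors/behavior")
            if (b.find("serviceDebug") is not None and
                b.find("serviceDebug").get("includeExceptionDetailInFaults", "false").lower() == "true")]

if __name__ == "__main__":
    for name, row in audit_basic_http_bindings(SAMPLE_CONFIG).items():
        print(name, *row, sep=" | ")
    print("exception detail exposed by:", behaviors_leaking_exception_detail(SAMPLE_CONFIG))
```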

 

 

(5) Run the code and monitor the messages

Using Fiddler, we find that all messages are encrypted.

 

However, if you view the Message Log with Microsoft Service Trace Viewer (see "Using WCF's Trace and Message Log Features"), you can see the decrypted messages, because it does not listen on the wire, whereas Fiddler does.

Request:

image

 

Response:

image

 

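(6) Summary

Transport Security Mode is encryption at the transport-protocol level, whereas Message Security Mode is encryption at the message level. Each protocol has its own corresponding transport-level encryption; for HTTP, for example, it is SSL.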
