WCF basicHttpBinding之Transport Security Mode, clientCredentialType="None"_PB

WCF basicHttpBinding之Transport Security Mode, clientCredentialType="None"

原创地址：http://www.cnblogs.com/jfzhu/p/4071342.html

转载请注明出处

前面文章介绍了《WCF basicHttpBinding之Message Security Mode》如何basicHttpBinding的Message Security Mode，并且clientCredentialType用的是certificate。

本文演示basicHttpbinding使用Transport Security Mode，并且clientCredentialType="None"。

（一）WCF 服务代码与配置文件

IDemoService.cs

using System.ServiceModel;namespace WCFDemo {        [ServiceContract(Name = "IDemoService")]     public interface IDemoService     {         [OperationContract]         [FaultContract(typeof(DivideByZeroFault))]         int Divide(int numerator, int denominator);     } }

DemoService.cs

using System; using System.ServiceModel; using System.ServiceModel.Activation;namespace WCFDemo {     [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]     public class DemoService : IDemoService     {         public int Divide(int numerator, int denominator)         {             try             {                 return numerator / denominator;             }             catch (DivideByZeroException ex)             {                 DivideByZeroFault fault = new DivideByZeroFault();                 fault.Error = ex.Message;                 fault.Detail = "Denominator cannot be ZERO!";                 throw new FaultException<DivideByZeroFault>(fault);             }                   }     } }

完整的代码也可以参见《WCF服务创建与抛出强类型SOAP Fault》。

server web.config

<?xml version="1.0"?> <configuration>     <system.web>       <compilation debug="true" targetFramework="4.0" />     </system.web>     <system.serviceModel>       <bindings>         <basicHttpBinding>           <binding name="basicBinding">             <security mode="Transport">               <transport clientCredentialType="None" />             </security>           </binding>         </basicHttpBinding>       </bindings>       <services>         <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior">           <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />                    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>         </service>       </services>         <behaviors>             <serviceBehaviors>                 <behavior name="CustomBehavior">                     <serviceMetadata httpsGetEnabled="true" />                     <serviceDebug includeExceptionDetailInFaults="false" />                                    </behavior>             </serviceBehaviors>         </behaviors>         <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />     </system.serviceModel> </configuration>

（二）为WCF Service application添加一个https binding。

具体作法参见《Step by Step 配置使用HTTPS的ASP.NET Web应用》。

配置完https binding之后，双击SSL Settings

勾选Require SSL，点击Apply。

Http的Binding还是不可缺少，否则会出现下面的错误

（三）在客户端安装SSL根证书

由于https证书使用的是

所以我们使用的WCF Service URL为 https://win-ounm08eqe64.henry.huang/DemoService.svc

在客户端，为C:\Windows\System32\Drivers\etc\host 添加一条记录

然后安装根证书

双击根证书文件，弹出证书属性的对话框，此时该根证书并不受信任，我们需要将其加入“受信任的根证书颁发机构”，点击安装证书

（四）客户端代码与配置文件

在客户端Visual Studio添加Service Reference

private void buttonCalculate_Click(object sender, EventArgs e) {     try     {         textBoxResult.Text = demoServiceClient.Divide(Convert.ToInt32(textBoxNumerator.Text), Convert.ToInt32(textBoxDenominator.Text)).ToString();     }     catch (FaultException<DemoServiceReference.DivideByZeroFault> fault)     {         MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail);     } }

client app.config

<?xml version="1.0" encoding="utf-8" ?> <configuration>     <system.serviceModel>         <bindings>             <basicHttpBinding>                 <binding name="BasicHttpBinding_IDemoService">                     <security mode="Transport" />                 </binding>             </basicHttpBinding>         </bindings>         <client>             <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService"                 binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDemoService"                 contract="DemoServiceReference.IDemoService" name="BasicHttpBinding_IDemoService" />         </client>     </system.serviceModel> </configuration>

（五）运行代码，监听Message

使用Fiddler，发现消息全部加密

但是如果用Microsoft Service Trace Viewer查看Message Log（参见《使用WCF的Trace与Message Log功能》），可以看到解密后的信息，因为它不是在wire上监听，而Fiddler是在wire上进行监听。

Request:

Response:

（六）总结

Transport Security Mode是传输协议级的加密，而Message Security Mode是对消息级别的加密。每种协议都有自己对应的传输协议级的加密方式，比如HTTP的加密方式就为SSL。