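I have a WCF service and a desktop client. I use the net.tcp binding. I have my own authentication method, but I want the messages to be encrypted. So I installed the same certificate on both sides. My configuration is as follows: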
<endpointBehaviors>
  <behavior name="CustomBehavior">
    <clientCredentials>
      <clientCertificate storeLocation="CurrentUser" storeName="Root" findValue="myCertificateIssuer" x509FindType="FindByIssuerName" />
    </clientCredentials>
  </behavior>
</endpointBehaviors>
...
<binding name="simpleTCP" closeTimeout="00:10:00" openTimeout="00:10:00"
         sendTimeout="00:10:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" >
  <security mode="None">
    <message clientCredentialType="Certificate"/>
  </security>
</binding>
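I have the same configuration on the server as well. This solution works, but I don't know whether it really encrypts the messages. Am I right in thinking that this configuration turns off the default authentication but still encrypts the channel?
Thanks in advance.
Best answer
Elaborating on the initial response:
If you want to encrypt the channel, use a binding like this for transport-level encryption: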
<bindings>
  <netTcpBinding>
    <binding name="TestTcp">
      <security mode="Transport"> <!-- Channel -->
        <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>
To encrypt the message, use a binding like this for message-level encryption:
<bindings>
  <netTcpBinding>
    <binding name="TestTcp">
      <security mode="Message"> <!-- Message -->
        <message clientCredentialType="Certificate" algorithmSuite="Default" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>
You will notice that the node under <security/> can be either <message/> or <transport/>; this should match the mode you chose. Setting clientCredentialType to Certificate uses your service certificate for encryption.
"[To encrypt the channel] with netTcpBinding, when using Windows authentication, the binding uses the service’s Windows token to provide message protection. When using non-Windows authentication such as certificate authentication, you have to configure a service certificate as service credentials. The binding uses the service certificate for message protection."
"[To encrypt the message] when using Windows authentication, message security uses the service’s Windows token to provide message security. When using non-Windows authentication such as username, certificate, or issue token authentication, you have to configure a service certificate as service credentials. Message security uses the service certificate for message protection."
Hope this covers all the bases and gets you encrypting your messages or channel with that X.509 certificate.
Regarding c# - WCF net.tcp binding with certificate-based message security but with the security mode turned off, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/33293450/