WCF net.tcp binding with certificate based message security but security mode turned off
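I have a WCF service and a desktop client. I use the net.tcp binding. I have my own authentication method, but I want the messages to be encrypted. So I installed the same certificate on both sides. My configuration is as follows: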
<endpointBehaviors>
  <behavior name="CustomBehavior">
    <clientCredentials>
      <clientCertificate storeLocation="CurrentUser" storeName="Root" findValue="myCertificateIssuer" x509FindType="FindByIssuerName" />
    </clientCredentials>
  </behavior>
</endpointBehaviors>
...
<binding name="simpleTCP" closeTimeout="00:10:00" openTimeout="00:10:00"
         sendTimeout="00:10:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" >
  <security mode="None">
    <message clientCredentialType="Certificate"/>
  </security>
</binding>
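I have the same configuration on the server as well. The solution works, but I don't know whether it actually encrypts the messages. Am I right in thinking that this configuration turns off the default authentication but still encrypts the channel?
Thanks in advance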
Elaboration on the initial response
If you want to encrypt the channel, use a binding like this for transport-level encryption:
<bindings>
  <netTcpBinding>
    <binding name="TestTcp">
      <security mode="Transport"> <!-- Channel -->
        <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>
To encrypt the message, use a binding like this for message-level encryption:
<bindings>
  <netTcpBinding>
    <binding name="TestTcp">
      <security mode="Message"> <!-- Message -->
        <message clientCredentialType="Certificate" algorithmSuite="Default" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>
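You will notice that the node beneath <security/> can be either <message/> or <transport/>, and this should match the mode you have selected. clientCredentialType is set to Certificate to use your service certificate for encryption.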
"[To encrypt the channel] with netTcpBinding, when using Windows authentication, the binding uses the service’s Windows token to provide message protection. When using non-Windows authentication such as certificate authentication, you have to configure a service certificate as service credentials. The binding uses the service certificate for message protection."
"[To encrypt the message] when using Windows authentication, message security uses the service’s Windows token to provide message security. When using non-Windows authentication such as username, certificate, or issue token authentication, you have to configure a service certificate as service credentials. Message security uses the service certificate for message protection."
Hopefully this covers all the bases and gets you encrypting your messages or channel with that x.509 certificate.
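An added example, not part of the original answer or of any WCF tooling: a small Python check that reads the netTcpBinding entries of a .config file and flags bindings whose security mode leaves traffic unprotected, or whose <message>/<transport> child does not match the mode. The sample config is constructed from the snippets above, and the function name audit_nettcp_bindings is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's binding next to the answer's Transport binding.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="simpleTCP">
    <security mode="None">
      <message clientCredentialType="Certificate"/>
    </security>
  </binding>
  <binding name="TestTcp">
    <security mode="Transport">
      <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
    </security>
  </binding>
</netTcpBinding></bindings></system.serviceModel></configuration>"""

# Child elements of <security> that each mode actually reads.
USED_CHILD = {"Transport": {"transport"}, "Message": {"message"},
              "TransportWithMessageCredential": {"transport", "message"}, "None": set()}

def audit_nettcp_bindings(config_xml):
    """Return {binding name: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for group in ET.fromstring(config_xml).iter("netTcpBinding"):
        for binding in group.findall("binding"):
            findings = []
            sec = binding.find("security")
            # netTcpBinding defaults to Transport when no mode is specified.
            mode = sec.get("mode", "Transport") if sec is not None else "Transport"
            children = [c.tag for c in sec] if sec is not None else []
            if mode == "None":
                findings.append("mode=None: traffic is neither encrypted nor signed")
            for tag in children:
                if tag in ("transport", "message") and tag not in USED_CHILD.get(mode, set()):
                    findings.append(f"<{tag}> is ignored when mode={mode}")
            transport = sec.find("transport") if sec is not None else None
            if mode == "Transport" and transport is not None:
                # protectionLevel defaults to EncryptAndSign when omitted.
                level = transport.get("protectionLevel", "EncryptAndSign")
                if level != "EncryptAndSign":
                    findings.append(f"protectionLevel={level} does not encrypt")
            report[binding.get("name", "(default)")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_nettcp_bindings(SAMPLE_CONFIG).items():
        print(name, "->", findings or "ok")
```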