我用IDispatchMessageInspector
这个。虽然不确定这是否是性能最佳的方法,但事实证明它运行良好。
我的客户使用消息头来发送他们唯一的 GUID。每个 GUID 对应于每个客户端证书,这些证书存储在 Windows 注册表中。GUID 由客户端生成(我使用UuidCreateSequential()来生成)
我将与您分享我的解决方案。这是我的服务代码:
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
IList<IIdentity> identities = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.Properties["Identities"] as IList<IIdentity>;
string clientGuid = request.Headers.GetHeader<string>("Guid", "MyNamespace");
if (clientGuid == null)
throw new FaultException("Client GUID not sent!");
Guid testGuid = Guid.Empty;
if (!Guid.TryParse(clientGuid, out testGuid))
{
throw new FaultException(string.Format("The format of the GUID '{0}' is not valid!", clientGuid));
}
IIdentity X509Identity = identities.Where(x => x.AuthenticationType == "X509").SingleOrDefault();
RegistryKey identityKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Identities");
string storedSubjectName = (string)identityKey.GetValue(clientGuid);
if (storedSubjectName == null)
{
string[] valueNames = identityKey.GetValueNames();
for (int idx = 0; idx < valueNames.Count(); idx++)
{
string testCN = (string)identityKey.GetValue(valueNames[idx]);
if (testCN == X509Identity.Name)
{
throw new FaultException(string.Format("Certificate '{0}' has already been registered!", X509Identity.Name));
}
}
identityKey.SetValue(clientGuid, X509Identity.Name, RegistryValueKind.String);
}
else
{
if (storedSubjectName != X509Identity.Name)
throw new FaultException(string.Format("Certificate '{0}' used by the user registered with the certificate '{0}'", X509Identity.Name, storedSubjectName));
}
identityKey.Close();
return null;
}
客户端上的代码:
在应用启动时
RegistryKey guidKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Settings");
string clientGuid = (string)guidKey.GetValue("Guid");
if (clientGuid == null)
{
clientGuid = UUID.mGetNewGUID().ToString();
guidKey.SetValue("Guid", clientGuid, RegistryValueKind.String);
}
感谢这篇文章,一个帮助类来获取唯一的 UUID
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class UUID
{
// ==========================================================
// GUID Creation
// ==========================================================
private const int RPC_S_OK = 0;
private const int RPC_S_OUT_OF_MEMORY = 14;
private const int RPC_S_UUID_NO_ADDRESS = 1739;
private const int RPC_S_UUID_LOCAL_ONLY = 1824;
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreateSequential(ref Guid guid);
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreate(ref Guid guid);
/// <summary>
/// Creates the machine GUID.
/// </summary>
public static Guid mGetNewGUID()
{
Guid guidMachineGUID = default(Guid);
int intReturnValue = UuidCreateSequential(ref guidMachineGUID);
switch (intReturnValue)
{
case RPC_S_OK:
return guidMachineGUID;
case RPC_S_OUT_OF_MEMORY:
throw new Exception("UuidCreate returned RPC_S_OUT_OF_MEMORY");
case RPC_S_UUID_NO_ADDRESS:
throw new Exception("UuidCreate returned RPC_S_UUID_NO_ADDRESS");
case RPC_S_UUID_LOCAL_ONLY:
throw new Exception("UuidCreate returned RPC_S_UUID_LOCAL_ONLY");
default:
throw new Exception("UuidCreate returned an unexpected value = " + intReturnValue.ToString());
}
}
}
在BeforeSendRequest
_IClientMessageInspector
var guidHeader = new MessageHeader<string>(Service.ClientGuid);
var untypedGuid = guidHeader.GetUntypedHeader("Guid", "MyNamespace");
request.Headers.Add(untypedGuid);