3

我为我的雇主的一个项目实施了 WCF 服务和客户端应用程序,目前由于肥皂体元素而面临严重问题。问题是肥皂正文没有被加密,只有标题被加密。无论如何,提到了肥皂请求、webconfigs 和我创建证书的方式,供您参考......

WCF 服务器配置 ...................

<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding" >
      <security>
        <message clientCredentialType="Certificate" establishSecurityContext ="true"  />
      </security>
    </binding>
  </wsHttpBinding>
  <customBinding>
    <binding name="CustomBinding">        
      <textMessageEncoding messageVersion="Soap11" />
      <security authenticationMode="MutualCertificate"  requireDerivedKeys="false"
      includeTimestamp="true" keyEntropyMode="ClientEntropy" messageProtectionOrder="EncryptBeforeSign"        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
      requireSecurityContextCancellation="false">            
        <secureConversationBootstrap />

      </security>
      <httpTransport />

    </binding>
  </customBinding>
</bindings>
<services>
  <service name="mysvc.MySvc" behaviorConfiguration="mysvc.Service1Behavior">
    <endpoint address="" binding="customBinding" bindingConfiguration ="CustomBinding"  contract="mysvc.IMySvc"  />        
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
     <host>
        <baseAddresses>
             <add baseAddress ="http://localhost:8888/" />
        </baseAddresses>
     </host>
  </service>
</services>
<behaviors>
  <endpointBehaviors>
    <behavior name="inspectorBehavior">
       <consoleOutputBehavior />
    </behavior>
  </endpointBehaviors>

  <serviceBehaviors>
    <behavior name="mysvc.Service1Behavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>

      <serviceCredentials>

        <serviceCertificate findValue="WCfServerCert"
        storeLocation="LocalMachine" 
        storeName="My"
        x509FindType="FindBySubjectName" />

        <clientCertificate>              
          <authentication certificateValidationMode="None" />                       
        </clientCertificate>

      </serviceCredentials>

    </behavior>
  </serviceBehaviors>
</behaviors>

WCF 客户端配置 ...................

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="CustomBinding_IMySvc">
                <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificate"
                    requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="ClientEntropy" messageProtectionOrder="EncryptBeforeSign"
                    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSignatureConfirmation="false">
                    <localClientSettings cacheCookies="true" detectReplays="true"
                        replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                        replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                        sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                        timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
                    <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
                        maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                        negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                        sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                        reconnectTransportOnFailure="true" maxPendingSessions="128"
                        maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                    messageVersion="Soap11" writeEncoding="utf-8">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                </textMessageEncoding>
                <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                    maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                    realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                    useDefaultWebProxy="true" />
            </binding>
        </customBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8888/" binding="customBinding" behaviorConfiguration ="CustomBehavior"
          bindingConfiguration="CustomBinding_IMySvc" contract="WCFProxy.IMySvc"
          name="CustomBinding_IMySvc" >

        <identity >
          <dns value ="WCfServerCert"/>
        </identity>

      </endpoint>
    </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="CustomBehavior">
        <clientCredentials>
          <clientCertificate findValue="WCfClientCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
          <serviceCertificate>
            <defaultCertificate findValue="WCfServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
            <authentication certificateValidationMode="None"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors >
</system.serviceModel>

证书创建命令..........................

makecert -n "CN=WCFServer" -r -sv WCFServer.pvk WCFServer.cer

makecert -n "CN=WCFClient" -r -sv WCFClient.pvk WCFClient.cer

makecert -sk WCFServerCert -iv d:\WCFServer.pvk -n "CN=WCFServerCert" -ic d:\WCFServer.cer -sr LocalMachine -ss My -sky exchange pe

makecert -sk WCFClientCert -iv d:\WCFClient.pvk -n "CN=WCFClientCert" -ic d:\WCFClient.cer -sr LocalMachine -ss My -sky exchange pe

4

2 回答 2

1

这发生在我身上。我用来生成 Web 服务的工具(Web 服务软件工厂)总是为服务和操作设置保护级别,并将它们设置为 ProtectionLevel.None。最终结果是我的 svcutil 配置文件将包含自定义绑定而不是简单的 wsHttpBinding。

为了解决未加密的 SOAP 正文问题,我将操作和服务本身的所有 ProtectionLevel 属性更改为 EncryptAndSign。现在 svcutil 输出具有所需的 wsHttpBinding(自定义绑定已消失)。使用 fiddler 进行测试显示主体已加密。

我也可以删除保护级别属性——对于 wsHttpBinding,它具有相同的效果。但是由于此代码是使用工具生成的,因此每次生成代码时都必须这样做。

我希望这可以帮助某人。这个让我难过了一阵子。

于 2011-06-03T22:55:04.100 回答
0

您是在谈论请求还是回复正文?在任何情况下,至少,看起来您的服务的绑定配置正在将 <security> 元素中的模式属性设置为消息(即):

  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding" >
      <security mode="Message">
        <message clientCredentialType="Certificate" establishSecurityContext ="true"  />
      </security>
    </binding>
  </wsHttpBinding>
于 2010-08-01T19:42:05.633 回答