4

压缩启用了消息安全的 WCF 服务的通信的最佳实践是什么,它不是托管在 IIS 上并使用 HTTP 作为传输协议?

在我的搜索中,我发现在保护消息后应用压缩的通道级别的实现(因此压缩不是最佳的)。

你能为我指出正确的方向吗?甚至更好:您知道在安全协议运行之前应用的任何 WCF 压缩实现(使用消息安全性)吗?

4

1 回答 1

0

您可以使用 Microsoft 示例压缩 (Microsoft WCF Samples\WCF\Extensibility\MessageEncoder\Compression),并且可以将 Message Security 作为 TripleDesSha256 算法用作此配置。

<customBinding>
    <binding name="customNetTcpBinding">
      <transactionFlow transactionProtocol="OleTransactions" />
      <reliableSession ordered="true"/>
      <Compression innerMessageEncoding="binaryMessageEncoding"
          compressionAlgorithm="GZip" />
      <security defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SecureConversation" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
        <localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
        <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        <secureConversationBootstrap defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SspiNegotiated" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
          <localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
          <localServiceSettings detectReplays="true" issuedCookieLifetime="00:15:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        </secureConversationBootstrap>
      </security>
      <tcpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" connectionBufferSize="8192" hostNameComparisonMode="StrongWildcard" channelInitializationTimeout="00:00:05" maxBufferSize="65536" maxPendingConnections="10" maxOutputDelay="00:00:00.2000000" maxPendingAccepts="1" transferMode="Buffered" listenBacklog="10" portSharingEnabled="false" teredoEnabled="false">
        <connectionPoolSettings groupName="default" leaseTimeout="00:05:00" idleTimeout="00:02:00" maxOutboundConnectionsPerEndpoint="10" />
      </tcpTransport>          
    </binding>      
  </customBinding>
于 2011-09-15T11:37:33.150 回答