我正在构建一个系统,其中多个客户端通过 WCF 使用双工 MSMQ 连接到中央服务器(更新发送到服务器,消息定期推送到多个客户端)。
我如何最好地保护这种情况?双工 WCF 的性质有效地使每个客户端成为服务器。这是否意味着要保护每个客户需要花费 1200 美元购买威瑞信证书的每个渠道?
问问题
369 次
1 回答
1
Because MSMQ binding uses regular MSMQ queues, you can implement security using the standard MSMQ queue security model. You need to make sure you set security mode to 'Transport', and then allow or restrict access to the queue as appropriate.
When you create a queue you can set permissions which govern who can send, receive, or remove from the queue using active directory or Windows accounts. The only resource I can find with a few minutes googling is MSMQ for .NET Developers - describes a little about setting permissions.
Have a read of Securing Messages with Transport Security and the examples in the NetMsmqBinding documentation.
So you should either run your services as the same user, or ensure all the users are in a single AD group, etc and then grant queue permissions (send permission?) to that user / group only.
于 2011-10-27T03:25:01.323 回答