3
我爲我的僱主實施了一個項目的WCF服務和客戶端應用程序,並且由於soap body元素而面臨嚴重問題。問題是soap身體沒有得到加密,只有頭部被加密。無論如何,肥皂請求,網頁配置和我如何創建證書的方式都提到供您參考...當在WCF服務上實現X509安全性時,皁體未加密
WCF服務器配置 .................... ..
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding" >
<security>
<message clientCredentialType="Certificate" establishSecurityContext ="true" />
</security>
</binding>
</wsHttpBinding>
<customBinding>
<binding name="CustomBinding">
<textMessageEncoding messageVersion="Soap11" />
<security authenticationMode="MutualCertificate" requireDerivedKeys="false"
includeTimestamp="true" keyEntropyMode="ClientEntropy" messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="false">
<secureConversationBootstrap />
</security>
<httpTransport />
</binding>
</customBinding>
</bindings>
<services>
<service name="mysvc.MySvc" behaviorConfiguration="mysvc.Service1Behavior">
<endpoint address="" binding="customBinding" bindingConfiguration ="CustomBinding" contract="mysvc.IMySvc" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress ="http://localhost:8888/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="inspectorBehavior">
<consoleOutputBehavior />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="mysvc.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate findValue="WCfServerCert"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
WCF客戶端配置 .....................
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IMySvc">
<security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificate"
requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="ClientEntropy" messageProtectionOrder="EncryptBeforeSign"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
<secureConversationBootstrap />
</security>
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap11" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="http://localhost:8888/" binding="customBinding" behaviorConfiguration ="CustomBehavior"
bindingConfiguration="CustomBinding_IMySvc" contract="WCFProxy.IMySvc"
name="CustomBinding_IMySvc" >
<identity >
<dns value ="WCfServerCert"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<clientCertificate findValue="WCfClientCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<defaultCertificate findValue="WCfServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors >
</system.serviceModel>
證書創建命令 ...............................
makecert -n 「CN = WCFServer」 -r -sv WCFServer.pvk WCFServer.cer
makecert -n 「CN = WCFClient」 -r -sv WCFClient.pvk WCFClient.cer
makecert -sk WCFServerCert -iv d:\ WCFServer.pvk -n「CN = WCFServerCert」-ic d:\ WCFServer.cer -sr LocalMachine -ss我的-sky交換pe
makecert -sk WCFClientCert -iv d: \ WCFClient.pvk -n「CN = WCFClientCert」-ic d:\ WCFClient.cer -sr LocalMachine -ss我的-sky交換pe
服務使用customBinding而不是wsHttpBinding。 – Tanner 2010-08-03 19:12:41