我使用IDispatchMessageInspector爲此。雖然不確定這是否是一種性能最佳的方法,但它已證明工作得很好。
我的客戶使用郵件頭來發送其唯一的GUID。 每個GUID對應於每個客戶端證書,並且這些都存儲在Windows註冊表中。 GUID由客戶端生成(我使用UuidCreateSequential())
我將與您分享我的解決方案。這是我的服務代碼:
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
IList<IIdentity> identities = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.Properties["Identities"] as IList<IIdentity>;
string clientGuid = request.Headers.GetHeader<string>("Guid", "MyNamespace");
if (clientGuid == null)
throw new FaultException("Client GUID not sent!");
Guid testGuid = Guid.Empty;
if (!Guid.TryParse(clientGuid, out testGuid))
{
throw new FaultException(string.Format("The format of the GUID '{0}' is not valid!", clientGuid));
}
IIdentity X509Identity = identities.Where(x => x.AuthenticationType == "X509").SingleOrDefault();
RegistryKey identityKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Identities");
string storedSubjectName = (string)identityKey.GetValue(clientGuid);
if (storedSubjectName == null)
{
string[] valueNames = identityKey.GetValueNames();
for (int idx = 0; idx < valueNames.Count(); idx++)
{
string testCN = (string)identityKey.GetValue(valueNames[idx]);
if (testCN == X509Identity.Name)
{
throw new FaultException(string.Format("Certificate '{0}' has already been registered!", X509Identity.Name));
}
}
identityKey.SetValue(clientGuid, X509Identity.Name, RegistryValueKind.String);
}
else
{
if (storedSubjectName != X509Identity.Name)
throw new FaultException(string.Format("Certificate '{0}' used by the user registered with the certificate '{0}'", X509Identity.Name, storedSubjectName));
}
identityKey.Close();
return null;
}
客戶端上的代碼:
應用程序啓動時
RegistryKey guidKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Settings");
string clientGuid = (string)guidKey.GetValue("Guid");
if (clientGuid == null)
{
clientGuid = UUID.mGetNewGUID().ToString();
guidKey.SetValue("Guid", clientGuid, RegistryValueKind.String);
}
一個輔助類獨特的UUID感謝去this article
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class UUID
{
// ==========================================================
// GUID Creation
// ==========================================================
private const int RPC_S_OK = 0;
private const int RPC_S_OUT_OF_MEMORY = 14;
private const int RPC_S_UUID_NO_ADDRESS = 1739;
private const int RPC_S_UUID_LOCAL_ONLY = 1824;
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreateSequential(ref Guid guid);
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreate(ref Guid guid);
/// <summary>
/// Creates the machine GUID.
/// </summary>
public static Guid mGetNewGUID()
{
Guid guidMachineGUID = default(Guid);
int intReturnValue = UuidCreateSequential(ref guidMachineGUID);
switch (intReturnValue)
{
case RPC_S_OK:
return guidMachineGUID;
case RPC_S_OUT_OF_MEMORY:
throw new Exception("UuidCreate returned RPC_S_OUT_OF_MEMORY");
case RPC_S_UUID_NO_ADDRESS:
throw new Exception("UuidCreate returned RPC_S_UUID_NO_ADDRESS");
case RPC_S_UUID_LOCAL_ONLY:
throw new Exception("UuidCreate returned RPC_S_UUID_LOCAL_ONLY");
default:
throw new Exception("UuidCreate returned an unexpected value = " + intReturnValue.ToString());
}
}
}
在BeforeSendRequest的IClientMessageInspector
var guidHeader = new MessageHeader<string>(Service.ClientGuid);
var untypedGuid = guidHeader.GetUntypedHeader("Guid", "MyNamespace");
request.Headers.Add(untypedGuid);
謝謝您的回覆!它看起來很有希望,但我有一個問題:GUID如何生成並存儲在客戶端上?是否有數據庫參與? – jscheppers
@jscheppers我已更新我的回答 –
謝謝!這看起來非常好!它並不完全排除證書交換的選項,因爲客戶端仍然可以從註冊表中提取GUID,但當然會提高吧!;) – jscheppers