
我得到了一個WCF服務,託管在selfhost中,並通過TCP與Winform客戶端進行通信。這是設置證書(Intranet的傳輸)的正確方法嗎?我如何知道通信是加密的?這是爲WCF設置證書的正確方法嗎?

SERVICE

<!-- Service behavior: certificate based client authentication (transport security),
     plus a custom username validator and custom authorization hooks. -->
<behavior name="MyAppClientService.Certificate_Behavior"> 
      <!-- int.MaxValue: the object-graph size limit for deserialization is effectively disabled -->
      <dataContractSerializer maxItemsInObjectGraph="2147483647"/> 
      <!-- Returns full exception details (stack traces, internal type names) to callers;
           a debugging aid, normally "false" outside development -->
      <serviceDebug includeExceptionDetailInFaults="true"/> 
      <!-- Publishes metadata (WSDL) over HTTP GET on the http base address, even though
           the MEX endpoints in the services section are commented out -->
      <serviceMetadata httpGetEnabled="true"/> 
      <!-- Custom behavior extension; its implementation is not shown in this excerpt -->
      <customBehaviorExtension_ClientService/> 
      <!-- Throttling: maxConcurrentSessions is int.MaxValue, i.e. effectively unlimited -->
      <serviceThrottling maxConcurrentCalls="2000" maxConcurrentSessions="2147483647" maxConcurrentInstances="2000"/> 
      <serviceCredentials> 
      <clientCertificate> 
       <!-- PeerTrust: a client certificate is accepted only if that exact certificate is
            installed in the TrustedPeople store of the account hosting the service;
            no CA chain validation is performed -->
       <authentication certificateValidationMode="PeerTrust"/> 
      </clientCertificate> 
      <!-- Custom username/password validator. The netTcpCertificate binding used by the
           endpoint below is mode="Transport" with Certificate credentials, so this validator
           is not exercised by that endpoint; it would only apply to an endpoint that sends
           UserName credentials -->
      <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyApp.ServiceImplementation.CustomUsernamePasswordValidator, MyApp.ServiceImplementation"/> 
      <!-- Service certificate, found by subject name in the CurrentUser TrustedPeople store.
           NOTE(review): with storeLocation="CurrentUser" the self-host process must run as the
           user who owns that store and must be able to read the certificate's private key;
           confirm the account the host runs under -->
      <serviceCertificate findValue="MyAppServer" 
        storeLocation="CurrentUser" 
        storeName="TrustedPeople" 
        x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
      <!-- Custom authorization: calls are checked by CustomServiceAuthorizationManager and the
           authorization policy listed below; those implementations are not shown here -->
      <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="MyApp.ServiceImplementation.CustomServiceAuthorizationManager, MyApp.ServiceImplementation"> 
      <authorizationPolicies> 
       <add policyType="MyApp.ServiceImplementation.CustomAuthorizationPolicy_ClientService, MyApp.ServiceImplementation"/> 
      </authorizationPolicies> 
      </serviceAuthorization> 
     </behavior> 


<services> 
     <!-- Self-hosted service exposing one net.tcp endpoint protected by the
          netTcpCertificate binding (transport security, client certificate required) -->
     <service behaviorConfiguration="MyAppClientService.Certificate_Behavior" name="MyApp.ServiceImplementation.MyAppClientService"> 
     <!-- Relative address "Sll" resolves against the net.tcp base address below.
          The endpoint behavior "protoEndpointBehavior" is not defined in this excerpt -->
     <endpoint binding="netTcpBinding" bindingConfiguration="netTcpCertificate" behaviorConfiguration="protoEndpointBehavior" bindingNamespace="http://MyApp.ServiceContracts/2007/11" contract="MyApp.ServiceContracts.IMyAppClientService" address="Sll"/> 
     <!-- No need for MEX for this service --> 
     <!--<endpoint address="httpMex" binding="mexHttpBinding" contract="IMetadataExchange"/>--> 
     <!--<endpoint address="tcpMex" binding="mexTcpBinding" contract="IMetadataExchange"/>--> 
     <host> 
      <baseAddresses> 
      <!-- Application traffic: net.tcp, encrypted by the binding's transport security -->
      <add baseAddress="net.tcp://localhost:8035/MyApp5Service/Client/"/> 
      <!-- Plain http base address. With httpGetEnabled="true" in the service behavior,
           the service metadata is served unencrypted from this address -->
      <add baseAddress="http://localhost:8002/MyApp5Service/Client"/> 
      </baseAddresses> 
     </host> 

     </service> 


<bindings> 
     <netTcpBinding> 
     <!-- netTcp binding with transport security (TLS on the TCP channel) and mutual
          certificate authentication. Most size limits are set to int.MaxValue, which
          removes the message-size protections WCF applies by default, and
          receiveTimeout="infinite" means idle sessions are never reclaimed by timeout -->
     <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647"> 
      <!-- Reader quotas at int.MaxValue: no bound on nesting depth, string length or array size -->
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/> 
      <!-- Reliable session is disabled; ordered and inactivityTimeout only matter when enabled="true" -->
      <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/> 
      <!-- Transport mode: the TCP channel itself is encrypted and the client must
           present a certificate. This is what provides the on-the-wire encryption -->
      <security mode="Transport"> 
      <transport clientCredentialType="Certificate"/> 
      <!-- Ignored while mode="Transport": message-level credentials only apply to
           mode="Message" or "TransportWithMessageCredential" -->
      <message clientCredentialType="Certificate"/> 
      </security> 
     </binding> 
     </netTcpBinding> 
    </bindings> 

客戶

<!-- Client-side endpoint behavior: selects which client certificate is presented
     and how the service certificate is validated -->
<behaviors> 
     <endpointBehaviors> 
     <behavior name="protoCertificateEndpointBehavior"> 
      <clientCredentials> 
      <!-- Client certificate presented to the service, found by subject name in the
           current user's TrustedPeople store -->
      <clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/> 
      <serviceCertificate> 
       <!-- PeerTrust: the service certificate is accepted only if that certificate is
            itself installed in the client's TrustedPeople store; no CA chain validation -->
       <authentication certificateValidationMode="PeerTrust"/> 
      </serviceCertificate> 
      </clientCredentials> 
      <!-- Custom behavior extensions; their implementations are not shown in this excerpt -->
      <CustomMessageInspector/> 
      <protobuf/> 
     </behavior> 
     </endpointBehaviors> 
    </behaviors> 

    <!-- Client endpoint: uses the same binding configuration name as the service
         (netTcpCertificate) so that transport security settings match on both sides -->
    <client> 
      <endpoint address="net.tcp://localhost:8035/MyApp5Service/Client/Sll" behaviorConfiguration="protoCertificateEndpointBehavior" binding="netTcpBinding" bindingConfiguration="netTcpCertificate" contract="MyApp.ServiceContracts.IMyAppClientService" name="SelfHostProtoCert_RegularLogin"> 
      <!-- Expected service identity: this DNS name is checked against the certificate the
           service presents; the service side selects its certificate by subject name
           "MyAppServer", so the two values must agree -->
      <identity> 
       <dns value="MyAppServer" /> 
      </identity> 
      </endpoint> 
     </client> 


     <!-- Client copy of the service binding: must match the service side attribute for
          attribute, otherwise the channel fails to open. Same caveats apply: int.MaxValue
          size limits and receiveTimeout="infinite" disable the default resource protections -->
     <bindings> 
       <netTcpBinding> 
       <!-- http://msdn.microsoft.com/en-us/library/ff648863.aspx --> 
       <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647"> 
        <!-- Reader quotas at int.MaxValue: no bound on nesting depth, string length or array size -->
        <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/> 
        <!-- Reliable session is disabled; ordered and inactivityTimeout only matter when enabled="true" -->
        <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/> 
        <!-- Transport mode: the TCP channel is encrypted and the client presents its
             certificate during the handshake -->
        <security mode="Transport"> 
        <transport clientCredentialType="Certificate"/> 
        <!-- Ignored while mode="Transport": message-level credentials only apply to
             mode="Message" or "TransportWithMessageCredential" -->
        <message clientCredentialType="Certificate"/> 
        </security> 
       </binding> 
       </netTcpBinding> 
      </bindings> 

你的問題是什麼;如果配置正確或者您需要Intranet流量的傳輸安全性? – Jocke 2013-02-27 09:51:10


我問是否正確設置使用證書,以及如何檢查數據是否真正加密。 – Banshee 2013-02-27 10:33:31


Intranet傳輸方案的綁定應該可以。由於安全模式是傳輸(Transport),因此 `<message clientCredentialType="Certificate"/>` 這一行會被忽略。只要沒有中間系統,數據在TCP通道上就會被加密。 – 2013-02-27 11:30:42

回答


配置乍一看看起來不錯。但我在這裏看到了另一個問題:如何確保流量真正被加密。我想你可以試試用封包擷取工具來捕獲tcp流量,這類工具有一些功能可以解密SSL流量。
