简体繁体 English

WCF DualHTTPBINDING消息安全性

[英]WCF DualHTTPBINDING Message security

原文 2014-05-18 09:40:03 9 3 c#/ wcf/ ssl/ wcf-security/ wsdualhttpbinding

When using WSDUALHTTPBINDING with message security, is it recommended to use Transport security also [ie SSL]? 当使用带有消息安全性的WSDUALHTTPBINDING时，是否也建议使用传输安全性[即SSL]？ Maybe it depends on the scenario. 也许这取决于场景。 In my case, both client and service are located on an intranet. 就我而言，客户端和服务都位于Intranet上。 If the service was on a webserver over the internet would the answer be different ? 如果该服务是通过互联网在网络服务器上，答案会有所不同吗？

Update now that i know wsduallhttpbinding does not support transport security, is message security as secure or should i use another binding that supports ssl under my scenario 现在更新我知道wsduallhttpbinding不支持传输安全性，消息安全性是安全的还是我应该在我的场景下使用支持ssl的另一个绑定

3 个解决方案

The wsDualHttpBinding does not support transport-level security, meaning that SSL/TLS encryption is not possible. wsDualHttpBinding不支持传输级安全性，这意味着无法进行SSL / TLS加密。 The following references confirm transport security is not an option with the wsDualHttpBinding binding: 以下引用确认传输安全性不是wsDualHttpBinding绑定的选项：

MSDN: The WSDualHttpSecurityMode Enumeration is limited to two options: Message & None http://msdn.microsoft.com/en-us/library/ms731363(v=vs.110).aspx MSDN： WSDualHttpSecurityMode Enumeration仅限于两个选项： Message ＆ None http://msdn.microsoft.com/en-us/library/ms731363(v=vs.110).aspx
http://msdn.microsoft.com/en-us/library/system.servicemodel.wsdualhttpsecuritymode(v=vs.110).aspx http://msdn.microsoft.com/en-us/library/system.servicemodel.wsdualhttpsecuritymode(v=vs.110).aspx

Note: I also checked the Microsoft® Service Configuration Editor (image below) to validation the options. 注意：我还检查了Microsoft®服务配置编辑器（下图）以验证选项。
在此输入图像描述

The following online resource provides good background information: 以下在线资源提供了良好的背景信息：
http://wcfsecurityguide.codeplex.com/ http://wcfsecurityguide.codeplex.com/

Note: The scenario intranet vs internet web service does not factor into the answer because the proposed configuration would be invalid either way. 注意：方案Intranet与Internet Web服务不会影响答案，因为建议的配置无论如何都是无效的。 Therefore, no SSL unless you change the binding. 因此，除非您更改绑定，否则不使用SSL。

Regards, 问候，

The wsDualHttpBinding doesn't support Transport security as explained here: http://msdn.microsoft.com/en-us/library/ff648589.aspx wsDualHttpBinding不支持传输安全性，如下所述： http ： //msdn.microsoft.com/en-us/library/ff648589.aspx

Binding limitations : Transport security does not work with wsDualHttpBinding . 绑定限制 ：传输安全性不适用于wsDualHttpBinding 。

You can rely on Message security. 您可以依赖Message安全性。 It uses WS-Security to protect each message. 它使用WS-Security来保护每条消息。

UPDATE: As I said, you can rely on Message security, it provides end-to-end security. 更新：正如我所说，您可以依赖Message安全性，它提供端到端的安全性。 You can find here the detailled explaination: http://msdn.microsoft.com/en-us/library/ff648863.aspx 你可以在这里找到详细的解释： http ： //msdn.microsoft.com/en-us/library/ff648863.aspx

The downside of Message security is mainly that it is a bit slower as every message as to be encrypted, but don't worry it is secure enough you don't need to change bindings. 消息安全性的缺点主要在于每条消息的加密速度都有点慢，但不要担心它足够安全，您不需要更改绑定。

Per the original question: 根据原始问题：

When using WSDUALHTTPBINDING with message security, is it recommended to use Transport security also [ie SSL]? 当使用带有消息安全性的WSDUALHTTPBINDING时，是否也建议使用传输安全性[即SSL]？

As stated, WSDualHttpBinding does not support security at the Transport level. 如上所述， WSDualHttpBinding不支持Transport级别的安全性。 So the original question is sort of defeated. 所以原来的问题有点被打败了。

Per the update to the question: 根据问题的更新：

Update now that i know wsduallhttpbinding does not support transport security, is message security as secure or should i use another binding that supports ssl under my scenario 现在更新我知道wsduallhttpbinding不支持传输安全性，消息安全性是安全的还是我应该在我的场景下使用支持ssl的另一个绑定

Message level security is actually superior as it provides end-to-end security. Message级安全性实际上是优越的，因为它提供了端到端的安全性。 Transport level security only provides point-to-point security. Transport级安全性仅提供点对点安全性。

Message security directly encrypts and signs the message so even routing the messages through intermediate systems does not break the security. 消息安全性直接对消息进行加密和签名，因此即使通过中间系统路由消息也不会破坏安全性。 You also get the additional bonus that message security is transport-independent so it can be used with any transport protocol. 您还可以获得额外的奖励，即消息安全性与传输无关，因此可以与任何传输协议一起使用。

MSDN actually recommends using message security in internet scenarios: MSDN实际上建议在Internet方案中使用消息安全性：

Use message security in the following scenarios: 在以下方案中使用消息安全性：

You are sending a message to a WCF service, and the message is likely to be forwarded to other WCF services or may be routed through intermediate systems. 您正在向WCF服务发送消息，该消息可能会转发到其他WCF服务，或者可能通过中间系统路由。

Your WCF clients are accessing the WCF service over the Internet and messages may be routed through intermediate systems. 您的WCF客户端正在通过Internet访问WCF服务，并且可以通过中间系统路由消息。