堆栈内存溢出
  简体   繁体   English

没有X.509或Windows身份验证的WCF流量的加密

[英]Encryption of WCF traffic without X.509 or Windows authentication

 原文  2014-10-22 09:26:44       wcf/ encryption/ wcf-security

问题描述

I'm looking at how to set up a secure connection between a WCF service, and a non-.NET client running on RHEL, so I expect Windows authentication is not feasible. 我正在研究如何在WCF服务和RHEL上运行的非.NET客户端之间建立安全连接,因此我希望Windows身份验证不可行。 This is just for an internal network, so I'm hoping to avoid the management headaches of X.509 (eg needing to closely monitor certificate expiry dates), but I'm not clear on whether it's technically possible to do so. 这仅用于内部网络,因此我希望避免X.509的管理麻烦(例如,需要密切监视证书的到期日期),但是我不清楚在技术上是否可以这样做。

Is it possible to configure a WCF service with eg BasicHttpBinding or WsHttpBinding so that it has encryption (either transport or message layer, I'm not picky), but without using Windows authentication support or X.509 certificates? 是否可以使用BasicHttpBinding或WsHttpBinding配置WCF服务,使其具有加密功能(无论是传输层还是消息层,我都不挑剔),但不使用Windows身份验证支持或X.509证书?

Every scenario I've read for secured WCF services seems to use one of those two technologies. 为安全WCF服务阅读的每种情况似乎都使用这两种技术之一。 The only ones which don't require any X.509 certificates all use Windows authentication. 唯一不需要任何X.509证书的证书都使用Windows身份验证。 I'm not sure if this is a fundamental consequence of the underlying technologies or if it's just a property of the "common scenarios" that Microsoft has chosen to document. 我不确定这是否是基础技术的根本结果,还是仅仅是微软选择记录的“常见方案”的属性。 At the moment I'm assuming that if Windows authentication isn't available, then X.509 is the only way to deploy public/private key pairs for the non-Windows-specific message encryption algorithms to use. 目前,我假设如果Windows身份验证不可用,则X.509是部署公钥/私钥对以供非Windows特定的消息加密算法使用的唯一方法。 Is this understanding correct? 这种理解正确吗?

1 个解决方案

解决方案1
 1 已采纳  2014-10-22 13:50:54

well ... it's just that "common" property ... 好吧...就是“普通”财产...

x.509 is the common way to do this in your scenario, since the most things needed for this are already there ... x.509是您的方案中执行此操作的常用方法,因为执行此操作所需的大多数内容已经存在...

but you are not limited to either windows auth or x.509 ... 但您不仅限于Windows auth或x.509 ...

take a look here: http://www.codeproject.com/Articles/165844/WCF-Client-Server-Application-with-Custom-Authenti 在这里看看: http : //www.codeproject.com/Articles/165844/WCF-Client-Server-Application-with-Custom-Authenti

the article describes how you can introduce your own authentication and encryption schema ... 本文介绍了如何介绍自己的身份验证和加密架构...

i've already done that (simple AES encryption, one key among all clients), but i don't have the code at hand ... it wasn't that hard, but if you really run into trouble here, i'll have a look if i still have that stuff somewhere... 我已经做到了(简单的AES加密,在所有客户端中只有一个密钥),但是我手边没有代码...不是那么难,但是如果您真的在这里遇到麻烦,我会看看我是否还有东西...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WCF上的X.509证书? - X.509 certificates on WCF? XML加密漏洞会影响基于WCF X.509证书的安全性吗? - Does the XML Encryption flaw affect WCF X.509 certificate-based security? 具有WCF服务的X.509证书 - X.509 certificate with WCF service WCF:找不到 X.509 证书 - WCF: Cannot find the X.509 certificate 为什么我的HelloWorld WCF服务自定义X.509身份验证不起作用? - Why does my HelloWorld WCF service custom X.509 authentication not work? 哪些工具可用于通过X.509身份验证测试WCF SOAP服务? - What tools can be used for testing WCF SOAP services with X.509 authentication? Windows上的X.509证书入门 - Primer for X.509 certificates on Windows 将X.509证书发送到WCF C# - Sending X.509 certificates to WCF c# 具有X.509证书和Java Web Service的WCF客户端 - WCF Client With X.509 Certificate and Java Web Service 在WCF中使用X.509证书的连接失败 - Connection failure using X.509 certificate in WCF
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM