
WCF security TransportWithMessageCredentials with WsHttpBinding

I have my site (https://example.com). This is an internet app.

  1. User can register from the above site – Completed
  2. Registered user will get an email and will have a link to download a Windows client (WPF or Windows Forms client) – Completed
  3. This WPF or Windows Forms client will consume WCF (deployed on the internet) which is hosted on example.com. I am internally passing UserName and Pwd in the message body – Completed

Now what I need to know is how to implement security at message level and transport level.

  1. The client request should be encrypted at message level
  2. WCF server response should be encrypted at message level
  3. Communication between client and server should be SSL

I have gone through the following from msdn.microsoft.com/en-us/library/ff648902.aspx:

  1. How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms
  2. How to: Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF Calling from Windows Forms
  3. How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms

After reading the above I am confused about which one I need to use. Please suggest which one is the best option for my scenario to meet my above three security conditions.

If I use TransportWithMessageCredentials, do I see encryption at message level and transport level both?

TransportWithMessageCredentials is an encryption/security option used when your WCF web service box is fronted by a load balancer, or reverse proxy, that is performing the SSL/HTTPS encryption work.

In a "normal" situation, where your WCF web service box lies within the logical DMZ, the encryption and client authentication check by the WCF host is done in a single step, and the "bare" request content (unencrypted and without client auth credentials) gets processed by your service.

However, if you're using a load balancer or reverse proxy that's performing the encryption (a good idea for many reasons), using "normal" transport encryption would deliver to your WCF web service a message WITHOUT the client authentication credentials.

So what TransportWithMessageCredentials does is it preserves, inside the message body, the client authentication credentials so that, after the RP/LB has decrypted your message, your WCF web service can in a second step process your client authentication request.

Follow? Basically, if you're using an F5 load balancer, or some reverse proxy, to encrypt/decrypt your messages before they're processed by WCF web service, you need TransportWithMessageCredentials. No load balancer or reverse proxy, no need for TransportWithMessageCredentials.

Hopefully that clarifies things.
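
For reference, a service-side configuration for the mode discussed in this thread, as an added example that is not part of the original question or answer. The service, contract and validator type names (`Example.*`) are hypothetical placeholders; the binding, security and credential elements are standard WCF configuration.

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- HTTPS protects the whole SOAP message on the wire (confidentiality
           and integrity); the client's username/password travels in the
           WS-Security header of the message instead of at the HTTP layer.
           The message body is NOT separately encrypted in this mode. -->
      <binding name="transportWithMsgCred">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>

  <services>
    <!-- Hypothetical service and contract names. -->
    <service name="Example.OrderService"
             behaviorConfiguration="secureBehavior">
      <!-- The endpoint must be reached over https:// for this mode. -->
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="transportWithMsgCred"
                contract="Example.IOrderService" />
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="secureBehavior">
        <serviceMetadata httpsGetEnabled="true" />
        <serviceCredentials>
          <!-- Validate the username token against the site's own user store.
               Example.UserValidator is a hypothetical class deriving from
               System.IdentityModel.Selectors.UserNamePasswordValidator. -->
          <userNameAuthentication
              userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="Example.UserValidator, Example" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

With this binding the credentials move out of the application's own message body fields and into the WS-Security header, so the service authenticates the caller before the operation runs.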
