WCF security TransportWithMessageCredentials with WsHttpBinding
I have my site (https://example.com). This is an internet app.
- Users can register from the above site -- Completed
- A registered user will get an email and will have a link to download a Windows client (WPF or Windows Forms client) -- Completed
- This WPF or Windows Forms client will consume WCF (deployed on the internet) which is hosted on example.com. I am internally passing UserName and Pwd in the message body -- Completed
Now what I need to know is how to implement security at message level and transport level.
- The client request should be encrypted at message level
- The WCF server response should be encrypted at message level
- Communication between client and server should be SSL
I have gone through the following from msdn.microsoft.com/en-us/library/ff648902.aspx:
- How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms
- How to: Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF Calling from Windows Forms
- How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms
After reading the above I am confused about which one I need to use. Please suggest which one is the best option for my scenario to meet my above three security conditions.
If I use TransportWithMessageCredentials, do I see encryption at both message level and transport level?
TransportWithMessageCredentials is an encryption/security option used when your WCF web service box is fronted by a load balancer, or reverse proxy, that is performing the SSL/HTTPS encryption work.
In a "normal" situation, where your WCF web service box lies within the logical DMZ, the encryption and client authentication check by the WCF host is done in a single step, and the "bare" request content (unencrypted and without client auth credentials) gets processed by your service.
However, if you're using a load balancer or reverse proxy that's performing the encryption (a good idea for many reasons), using "normal" transport encryption would deliver to your WCF web service a message WITHOUT the client authentication credentials.
So what TransportWithMessageCredentials does is preserve, inside the message body, the client authentication credentials so that, after the RP/LB has decrypted your message, your WCF web service can in a second step process your client authentication request.
Follow? Basically, if you're using an F5 load balancer, or some reverse proxy, to encrypt/decrypt your messages before they're processed by the WCF web service, you need TransportWithMessageCredentials. No load balancer or reverse proxy, no need for TransportWithMessageCredentials.
Hopefully that clarifies things.
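For reference, a service-side web.config fragment for wsHttpBinding in this mode with username credentials, added here as an example and not taken from the question, the answer or the MSDN guides. The service, contract and membership provider names are hypothetical, and the configuration value itself is spelled TransportWithMessageCredential, without the trailing "s".

```xml
<!-- Added example: service-side configuration fragment (web.config). -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="secureWsHttp">
        <!-- HTTPS protects the channel and authenticates the server;
             the client's user name and password travel in the SOAP
             message's WS-Security header. -->
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <!-- Hypothetical service and contract names. -->
    <service name="Example.AccountService"
             behaviorConfiguration="secureBehavior">
      <!-- Relative address; the base address must be an https:// URL. -->
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="secureWsHttp"
                contract="Example.IAccountService" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secureBehavior">
        <serviceCredentials>
          <!-- Hypothetical provider name; it must match a provider
               declared under system.web/membership. -->
          <userNameAuthentication
              userNamePasswordValidationMode="MembershipProvider"
              membershipProviderName="ExampleSqlMembershipProvider" />
        </serviceCredentials>
        <!-- Keep exception details out of faults returned to clients. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

On the client, the generated proxy supplies the credential through ClientCredentials.UserName.UserName and ClientCredentials.UserName.Password before the first call, and the client binding must use the same security mode and credential type.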