WCF Security: Difference between TransportWithMessageCredential and Message Security Mode
I would like to know the difference between TransportWithMessageCredential vs Message in terms of WCF security.
What I know is:
Transport security: Is used to provide point-to-point security between the two endpoints.
Message security: It provides end-to-end security. Because message security directly encrypts and signs the message, having intermediaries does not break the security.
If we use TransportWithMessageCredential mode, is the SOAP message (Header and Body) encrypted?
My concern is that I want to have the application data to be encrypted between WCF server and my WinForms client.
If we use TransportWithMessageCredential mode, is the SOAP message (Header and Body) encrypted?
Yes, since with TransportWithMessageCredential security mode it is transport security which is providing confidentiality and integrity protection for the messages that are transmitted over the wire. Transport security also provides service authentication in this case. For example, with HTTP, Secure Sockets Layer (SSL) is used for encrypting and signing the contents of the packets sent over Secure HTTP (HTTPS).
With TransportWithMessageCredential security mode, client authentication is provided by means of SOAP message security where the client credential is put directly in the message.
When the SOAP message leaves the client for the service it is encrypted. However, as with transport security it provides point-to-point (not end-to-end) security between the two endpoints (service and client). So if there are intermediary systems between the client and the service, each intermediate point must forward the message over a new secure connection.
Update Per Comments
You said "When the SOAP message leaves the client for the service it is encrypted". Then it should be end-to-end security. Why is it only point-to-point?
Transport security is point-to-point because a message is encrypted when it leaves one endpoint and remains so until it reaches the other endpoint of the secure transport where the message is then decrypted. In deployments where the client and server are talking directly to each other, then this provides encryption the whole way through. However, if your service endpoint is going to forward that message onto the intended recipient, then your message is no longer guaranteed to be encrypted from that point onward.
Message security directly encrypts and signs the message so that only the intended recipient can decrypt and read the actual contents of the message. Therefore security is guaranteed between sender and recipient and not just between endpoints. Therefore, message security provides end-to-end security.
Can I conclude that TransportWithMessageCredential provides point-to-point security and message-level security provides end-to-end security? Then why is the WCF Security Guide suggesting to use TransportWithMessageCredential with UserName when we are using WCF with a Windows Forms client on the internet?
Yes, that is correct. TransportWithMessageCredential security provides point-to-point and Message security provides end-to-end security. The WCF Security Guide is suggesting to set the client credential to UserName because this will be used to authenticate the client. In the UserName case, we have the username and password pair being put directly in the SOAP message. Unless the client provides some sort of credential such as a UserName or Certificate to authenticate themselves to the service you will have an anonymous client. An anonymous client means that anyone can access your service since the client is not being authenticated.
If the message body is not encrypted with TransportWithMessageCredential, then why does Microsoft say TransportWithMessageCredential is a combination of both Transport and Message security?
As with my original answer: The SOAP messages are encrypted and signed by the transport layer (e.g. HTTPS). TransportWithMessageCredential is a combination of both transport and message security since transport security encrypts and signs the messages as well as authenticates the service to the client and message security is used to authenticate the client to the service.
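The two modes compared in the answer, configured side by side on a WinForms-style client, as an added C# example that is not part of the original question or answer. The choice of WSHttpBinding, the IOrderService contract, the service.example.com address, the user name and the ORDER_SVC_PASSWORD environment variable are all assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IOrderService            // hypothetical contract
{
    [OperationContract]
    string GetStatus(int orderId);
}

public static class SecurityModeExamples
{
    // Point-to-point: HTTPS encrypts and signs the bytes on the wire and
    // authenticates the service; the client's user name and password are
    // carried in the SOAP security header. The endpoint must be https://.
    public static WSHttpBinding TransportWithMessageCredential()
    {
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }

    // End-to-end: WS-Security encrypts and signs the SOAP message itself,
    // so it stays protected when an intermediary relays it.
    public static WSHttpBinding MessageSecurity()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }

    public static void Main()
    {
        // Hypothetical endpoint; swap in MessageSecurity() to compare modes.
        var address = new EndpointAddress("https://service.example.com/orders.svc");
        var factory = new ChannelFactory<IOrderService>(
            TransportWithMessageCredential(), address);

        // Without these credentials the service would see an anonymous client.
        factory.Credentials.UserName.UserName = "alice";   // constructed sample value
        factory.Credentials.UserName.Password =
            Environment.GetEnvironmentVariable("ORDER_SVC_PASSWORD");

        IOrderService proxy = factory.CreateChannel();
        Console.WriteLine(proxy.GetStatus(42));
        ((IClientChannel)proxy).Close();
        factory.Close();
    }
}
```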