如何避免在客户端设置 DnsEndpointIdentity
[英]How to avoid setting DnsEndpointIdentity on client side
问题描述
So basically I have an application where I have one client and two services that expose endpoints via netTcpBinding or netNamedPipe.
所以基本上我有一个应用程序,我有一个客户端和两个通过 netTcpBinding 或 netNamedPipe 公开端点的服务。 Additionally, whole communication between services and client is secured with certificate(for now I'm using self-trusted one).此外,服务和客户端之间的整个通信都通过证书进行保护(现在我使用的是自信任证书)。
It is working fine, but during creation of EndpointAddress instance, I need also set DnsEndpointIdentity with the name of the certificate that is used on the service side.它工作正常,但在创建EndpointAddress实例期间,我还需要使用服务端使用的证书名称设置DnsEndpointIdentity 。 So it looks like this:所以它看起来像这样:
new EndpointAddress(serviceUrl, new DnsEndpointIdentity("MyCertificateName"));
So my question is: Is this normal?所以我的问题是:这正常吗? Is there a way to avoid setting it on client side?有没有办法避免在客户端设置它?
1 个解决方案
解决方案1
1 已采纳 2019-10-28 05:24:02
This is a normal phenomenon, the identity could not be ignorant, it represents that the identity of the server.这是正常现象,身份不能无知,它代表了服务器的身份。 Third-party can impersonate the service program to let the client-side call, in order to achieve the purpose of stealing the client-side information.第三方可以冒充服务程序让客户端调用,以达到窃取客户端信息的目的。 To ensure that the client does not find the wrong server, the hostname in the certificate(subject) must be the same as the hostname that the client provides (DNS identity).为确保客户端不会找到错误的服务器,证书(主题)中的主机名必须与客户端提供的主机名(DNS 身份)相同。 We could also use the public key of the certificate as the identity since the public key of the certificate is public to outside.我们也可以使用证书的公钥作为身份,因为证书的公钥对外部是公开的。
<identity>
<rsa value="...."/>
</identity>
Here is a sample code to get the public key of the certificate.这是获取证书公钥的示例代码。
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 cert = null;
foreach (var certificate in store.Certificates)
{
if (certificate.Subject.Contains("myhostname"))
{
cert = certificate;
break;
}
}
if (cert==null)
{
return;
}
//output the public key
string xmlKey = cert.PublicKey.Key.ToXmlString(false);
//encoded
string encodedkey = System.Net.WebUtility.HtmlEncode(xmlKey);
Console.WriteLine($"Public key:\n{encodedkey}");
store.Close();
store.Dispose();
By the way, these configurations are able to automatically generated when calling the service by using the Add Service Reference dialog.顺便说一句,这些配置可以在使用“添加服务引用”对话框调用服务时自动生成。
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.