带有 TransportWithMessageCredential 的 WCF 是否使用 SSL?
[英]Does WCF with TransportWithMessageCredential use SSL?
问题描述
I'm configuring a WCF service in the intranet between a client and a server.
我正在客户端和服务器之间的 Intranet 中配置 WCF 服务。
I've set it up for wsHttpBinding with TransportWithMessageCredentia without certificate authentication.我已经为带有 TransportWithMessageCredentia 的 wsHttpBinding 设置了它,但没有证书身份验证。
Am I correct that service now use ssl/tls and encrypts the messages?我是否更正了该服务现在使用 ssl/tls 并加密消息?
Is this secure or do I need to use certificates too?这是安全的还是我也需要使用证书?
1 个解决方案
解决方案1
0 2019-11-14 06:40:30
Yes, we should bind a certificate to the particular port, so as to secure the communication.是的,我们应该将证书绑定到特定端口,以确保通信安全。
https://docs.microsoft.com/en-us/windows/win32/http/add-sslcert https://docs.microsoft.com/en-us/windows/win32/http/add-sslcert
If hosting the service in IIS, we are supposed to add an https binding to the site binding module.如果在 IIS 中托管服务,我们应该将 https 绑定添加到站点绑定模块。
The certificate is used to provide integrity, confidentially, and authentication while SOAP message security provides client authentication.证书用于提供完整性、机密性和身份验证,而 SOAP 消息安全提供客户端身份验证。
Therefore, please consider the below configuration.因此,请考虑以下配置。
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
the service base address is https style and authenticates the client with a pair of username/password.服务基地址为 https 样式,并使用一对用户名/密码对客户端进行身份验证。
https://docs.microsoft.com/en-us/dotnet/api/system.servicemodel.securitymode?view=netframework-4.8#System_ServiceModel_SecurityMode_TransportWithMessageCredential https://docs.microsoft.com/en-us/dotnet/api/system.servicemodel.securitymode?view=netframework-4.8#System_ServiceModel_SecurityMode_TransportWithMessageCredential
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.