
WCF easiest security mode to implement

What's the easiest security mode for implementation in WCF when:

  1. Both client and service are .NET applications.
  2. Client and service are negotiating over internet.
  3. SSL is not available.
  4. Port 80 (web) is preferred for communication.
  5. And using an X.509 certificate should be the last option (same credentials in configuration file at both sides is preferred, if possible)

If you are looking for a way to do username/password authentication, you can use wsHttpBinding and create a custom class that inherits from UsernamePasswordValidator and overrides the Validate method.

Here is an example: http://codebetter.com/petervanooijen/2010/03/22/a-simple-wcf-service-with-username-password-authentication-the-things-they-don-t-tell-you/
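A custom validator of the kind the answer above describes, added here as an example (it is not code from the post or from the linked article). The namespace, class name, in-memory user store and sample password are constructed for illustration; the validator keeps salted PBKDF2 hashes rather than passwords and compares them in constant time.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;   // UserNamePasswordValidator
using System.IdentityModel.Tokens;      // SecurityTokenValidationException
using System.Security.Cryptography;

namespace SampleService // hypothetical namespace and assembly name
{
    // Wired up in the service behavior (type name matches this sample only):
    // <serviceCredentials>
    //   <userNameAuthentication userNamePasswordValidationMode="Custom"
    //     customUserNamePasswordValidatorType="SampleService.StoredHashValidator, SampleService" />
    // </serviceCredentials>
    public class StoredHashValidator : UserNamePasswordValidator
    {
        private const int Iterations = 100000;
        private static readonly byte[] DummySalt = new byte[16];
        // Constructed sample store: user name -> (salt, PBKDF2 hash).
        private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
            new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);

        static StoredHashValidator()
        {
            byte[] salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            Users["alice"] = Tuple.Create(salt, Derive("constructed-sample-password", salt));
        }

        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
                return kdf.GetBytes(32);
        }

        public override void Validate(string userName, string password)
        {
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
                throw new SecurityTokenValidationException("Unknown username or incorrect password.");
            Tuple<byte[], byte[]> entry;
            Users.TryGetValue(userName, out entry);   // entry is null when the user is unknown
            // Unknown users still cost one derivation, so response time does not reveal valid names.
            byte[] actual = Derive(password, entry != null ? entry.Item1 : DummySalt);
            int diff = entry == null ? 1 : 0;
            byte[] expected = entry != null ? entry.Item2 : actual;
            for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
            if (diff != 0)   // same message for both failure causes
                throw new SecurityTokenValidationException("Unknown username or incorrect password.");
        }
    }
}
```

The validator only checks the credentials it is handed; whether the password crosses the network protected or in plain text is decided by the binding's security mode, as the later answers on this page discuss.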

The easiest security to implement is a lack of security, though not recommended at all:

<message clientCredentialType="None" />

<transport clientCredentialType="None" />

The next, which actually provides some security, would probably be Windows (see a tutorial on enabling this here) or Password for transport level security. See here for an MSDN overview of available credential options.

But to be honest there is quite a broad area for you to cover other than just specifying easiest. You can combine Transport and Message security, go with either or, use different credential types and so on - really, the easiest depends on the requirements, which, given point 5 of your question, would seem to reinforce my recommendation of Windows or Password authentication for this scenario.

What do you mean by security? It is possible to use "security" over Internet without certificates if your security actually only means username and password (client authentication) and you are happy with plain text messages. If you require any form of encryption and signing you need a certificate or you have to build your own solution. (Using Windows security mode is not possible because it works only in the same AD domain or trusted domains.)

WCF itself provides by default only UserName/Password (WS-Security UsernameToken Profile with plain text password) over a secured channel (transport or message security). It is possible to use UserName/Password over an unsecured channel but in such a case you will send a plain text password over the Internet. UsernameToken Profile also offers digested password - it is not considered secure but it is used very often. WCF doesn't support it but there is some implementation available.

I would go with HTTPS. Why is it not possible?
