
Metro web service with SSL - Is this a secure conversation

I have the following conversation log (from a WCF trace file). It shows a WCF client calling an SSL-protected Metro web service. Does the conversation have applied security? How do I know this from the logs?

Message Source: ServiceLevelSendRequest

Message Type: System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4045159+02:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"></VsDebuggerCausalityData>
        </s:Header>
        <s:Body>
            <hello xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://webService/">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message Source: TransportSend

Message Type: System.ServiceModel.Security.SecurityAppliedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4105163+02:00" Source="TransportSend" Type="System.ServiceModel.Security.SecurityAppliedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo/CE9TN8gjlFg7wGpuXg+HYAAAAAjfdEWwkubUe9Mb/DW0Kwl7kxQkfs6KtNkycVwDcjc44ACQAA</VsDebuggerCausalityData>
            <a:To s:mustUnderstand="1">https://localhost:8181/megegytest/hello</a:To>
            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <u:Timestamp u:Id="_0">
                    <u:Created>2011-09-21T23:33:06.409Z</u:Created>
                    <u:Expires>2011-09-21T23:38:06.409Z</u:Expires>
                </u:Timestamp>
            </o:Security>
        </s:Header>
        <s:Body>
            <hello xmlns="http://webService/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message Source: TransportReceive

Message Type: System.ServiceModel.Channels.BufferedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4165166+02:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

Message Source: ServiceLevelReceiveReply

Message Type: System.ServiceModel.Security.SecurityVerifiedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4245171+02:00" Source="ServiceLevelReceiveReply" Type="System.ServiceModel.Security.SecurityVerifiedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <HttpResponse>
        <StatusCode>OK</StatusCode>
        <StatusDescription>OK</StatusDescription>
        <WebHeaders>
            <Transfer-Encoding>chunked</Transfer-Encoding>
            <Content-Type>text/xml;charset=utf-8</Content-Type>
            <Date>Wed, 21 Sep 2011 23:33:06 GMT</Date>
            <Server>GlassFish Server Open Source Edition 3.1.1</Server>
            <X-Powered-By>Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Oracle Corporation/1.7)</X-Powered-By>
        </WebHeaders>
    </HttpResponse>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

WSDL:

<definitions targetNamespace="http://webService/" name="hello">
    <wsp:Policy wsu:Id="helloPortBindingPolicy">
        <sp:TransportBinding>
            <wsp:Policy>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic128/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Lax/>
                    </wsp:Policy>
                </sp:Layout>
                <sp:TransportToken>
                    <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false"/>
                    </wsp:Policy>
                </sp:TransportToken>
            </wsp:Policy>
        </sp:TransportBinding>
        <sp:Wss10/>
        <wsam:Addressing/>
    </wsp:Policy>
    <types>
        <xsd:schema>
            <xsd:import namespace="http://webService/" schemaLocation="https://localhost:8181/megegytest/hello?xsd=1"/>
        </xsd:schema>
    </types>
    <message name="hello">
        <part name="parameters" element="tns:hello"/>
    </message>
    <message name="helloResponse">
        <part name="parameters" element="tns:helloResponse"/>
    </message>
    <portType name="hello">
        <operation name="hello">
            <input wsam:Action="http://webService/hello/helloRequest" message="tns:hello"/>
            <output wsam:Action="http://webService/hello/helloResponse" message="tns:helloResponse"/>
        </operation>
    </portType>
    <binding name="helloPortBinding" type="tns:hello">
        <wsp:PolicyReference URI="#helloPortBindingPolicy"/>
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
        <operation name="hello">
            <soap:operation soapAction=""/>
            <input>
                <soap:body use="literal"/>
            </input>
            <output>
                <soap:body use="literal"/>
            </output>
        </operation>
    </binding>
    <service name="hello">
        <port name="helloPort" binding="tns:helloPortBinding">
            <soap:address location="https://localhost:8181/megegytest/hello"/>
        </port>
    </service>
</definitions>

It uses HTTPS so it is secured. The WSDL also demands secure transport through a security policy declaring the TransportBinding element and HttpsToken. The log will not show any encryption because encryption is done at the transport level, outside of WCF scope. If you want to see that messages are encrypted you must sniff traffic at the network level, for example with Wireshark. You can also use Fiddler as an HTTPS proxy to see that the client is doing HTTP CONNECT to tunnel SSL through the proxy.
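To check from the trace itself which kind of security was applied, the following added example (not part of the original question or answer) inspects a logged SOAP envelope and reports whether the WS-Security header carries anything beyond the Timestamp that `sp:IncludeTimestamp` requires. The function name `classify` and the result keys are assumptions; the sample is a trimmed copy of the TransportSend envelope above.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
DSIG = "http://www.w3.org/2000/09/xmldsig#"   # XML Signature namespace
XENC = "http://www.w3.org/2001/04/xmlenc#"    # XML Encryption namespace

def _ns(tag):     # "{uri}local" -> "uri"
    return tag[1:].split("}")[0] if tag.startswith("{") else ""

def _local(tag):  # "{uri}local" -> "local"
    return tag.rsplit("}", 1)[-1]

def classify(envelope_xml):
    """Report what a logged SOAP 1.1 envelope shows about applied security."""
    env = ET.fromstring(envelope_xml)
    sec = env.find("s:Header/o:Security", NS)
    to = env.findtext("s:Header/a:To", default="", namespaces=NS)
    items = [] if sec is None else list(sec)
    signed = any(_ns(c.tag) == DSIG and _local(c.tag) == "Signature" for c in items)
    encrypted = any(_ns(e.tag) == XENC for e in env.iter())
    return {
        "https_endpoint": to.lower().startswith("https://"),
        "timestamp_only": bool(items) and all(
            _ns(c.tag) == NS["u"] and _local(c.tag) == "Timestamp" for c in items),
        "tokens": [_local(c.tag) for c in items if _ns(c.tag) == NS["o"]],
        "signed": signed,
        "encrypted": encrypted,
        # Message-level protection would be visible in the log; TLS is not.
        "verdict": "message-level" if signed or encrypted else "transport-only",
    }

# Trimmed copy of the TransportSend envelope from the trace above.
TRANSPORT_SEND = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:a="http://www.w3.org/2005/08/addressing"
 xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <s:Header><a:To s:mustUnderstand="1">https://localhost:8181/megegytest/hello</a:To>
  <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <u:Timestamp u:Id="_0"><u:Created>2011-09-21T23:33:06.409Z</u:Created>
    <u:Expires>2011-09-21T23:38:06.409Z</u:Expires></u:Timestamp>
  </o:Security></s:Header>
 <s:Body><hello xmlns="http://webService/"><name xmlns="">Dani</name></hello></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    print(classify(TRANSPORT_SEND))
```

A "transport-only" verdict together with an `https://` address in `a:To` matches the `sp:TransportBinding` policy in the WSDL: the body is readable in the trace because protection is applied below the layer where WCF logs messages.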
