简体繁体 English

WS-Security如何互通？

[英]How interopable is WS-Security?

原文 2011-12-28 19:20:18 0 2 wcf/ security/ soap/ ws-security

I've recently worked on a project where a WCF service was involved, and a wsHttpBinding was used for authentication. 我最近参与了一个涉及WCF服务的项目，并使用了wsHttpBinding进行身份验证。 A third party consuming the service with PHP complained that this approach didn't work out of the box in PHP and that it wasn't interopable enough (they preferred a RESTful approach, passing credentials with GET..) 使用PHP服务该服务的第三方抱怨说这种方法在PHP中没有开箱即用，并且它不能互操作（他们更喜欢RESTful方法，通过GET传递凭证......）

I've never consumed a service with PHP, does their argument hold any water? 我从来没有使用PHP服务，他们的论点是否适用于水？

To expand: 扩张：

Not being able to get something working out of the box in your language/environment isn't necessarily a good argument for lack of interopability and I'm not really convinced by them. 在你的语言/环境中无法获得开箱即用的东西不一定是缺乏互操作性的好理由，我并不是真的相信它们。 I'm curious how interopable it is on a broader scale though, as I want my service to be easily consumable not just by .NET clients. 我很好奇它是如何在更广泛的范围内互操作，因为我希望我的服务很容易消费，而不仅仅是.NET客户端。

Additional note: 附加说明：

I use TransportWithMessageCredential, the credentials are verified IN the service, and not by IIS. 我使用TransportWithMessageCredential，凭据在服务中验证，而不是由IIS验证。 What is the preferred way of supplying credentials to a RESTful service in this manner? 以这种方式向RESTful服务提供凭据的首选方法是什么？ (should this be a separate question?). （这应该是一个单独的问题吗？）。 I'm just wondering if it even IS a viable alternative in this scenario. 我只是想知道在这种情况下它是否是一个可行的选择。

2 个解决方案

I had the same problem with some of my clients too (Also calling my service from PHP). 我的一些客户也遇到了同样的问题（也从PHP调用我的服务）。

So we just exposed an additional basicHttpBinding Endpoint. 所以我们刚刚暴露了一个额外的basicHttpBinding端点。

I use Transport security with UsernamePassword authentication in that Endpoint. 我在该端点中使用带有UsernamePassword身份验证的传输安全性。

It's true that REST is very easy to implement on a wide range of programming platforms and operating systems (including, for instance, PHP on a Linux box, which is a very common setup). 确实，REST很容易在各种编程平台和操作系统上实现（例如，Linux盒子上的PHP，这是一种非常常见的设置）。

WS-Security, as an extension to SOAP, is a standardized protocol and there exist implementations for other platforms than .NET. WS-Security作为SOAP的扩展，是一种标准化协议，并且存在除.NET以外的其他平台的实现。 However, the range of free libraries here is very limited (for PHP, I don't know any) and it surely means more effort to connect to a WS-Security service than to a simple REST service, at least if the service uses protocol features that go beyond the scope of plain SOAP. 但是，这里的免费库范围非常有限（对于PHP，我不知道），这肯定意味着连接到WS-Security服务而不是简单的REST服务，至少如果服务使用协议超出普通SOAP范围的功能。

One more thing: HTTP has authentication support built in, so you can absolutely implement an authenticated RESTful service without adding credentials to the requested URL. 还有一件事：HTTP内置了身份验证支持，因此您可以绝对实现经过身份验证的RESTful服务，而无需向请求的URL添加凭据。