stackoom
  简体   繁体   中英

WCF net.tcp SSL, certificate and username + password authentication

 原文  2014-03-07 12:21:37       wcf/ ssl/ forms-authentication/ net.tcp/ .net-4.5

Question

I want to build a client-server, WPF-WCF application that should fulfill the following requirements:

  • Fast
  • Secured communication between clients and server
  • If an user wants to use the client application, he should have a certain certificate installed on his machine and also provide a valid username/password pair
  • Everything should happen over the internet

So I started working on it two days ago and, after going through almost every example/tutorial I could find that got close to my scenario, I managed to build a WCF service with net.tcp binding that is hosted in IIS (8 I think) and exposes its metadata through a mex endpoint and a tiny little client console application that can connect to the service and call its one and only HelloWorld method.

All was well until I started trying to add certificate based security. I tried countless configuration combinations and techniques but still couldn't get anything working.

At first, I got some specific error messages telling me various things about the server or client certificates not being valid, trusted, or good for anything in any way. Then I followed these articles, since I need self-signed certificates while developing.

Then, I started getting more and more vague error messages until I gave up. It might very well be that I misunderstood how WCF works since I don't have that much experience with it.

The configuration that worked is this:

  • Service configuration 

     <configuration> <system.web> <httpRuntime targetFramework="4.5.1"/> </system.web> <system.serviceModel> <behaviors> <serviceBehaviors> <behavior name="TcpServiceBehaviour"> <serviceMetadata /> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="TcpServiceBehaviour" name="WcfTcpServer.TcpService"> <endpoint address="net.tcp://serverName/wcftcpserver/TcpService.svc" binding="netTcpBinding" name="TcpServiceEndpoint" contract="WcfTcpServer.ITcpService" /> <endpoint address="SME" binding="mexTcpBinding" bindingConfiguration="" name="ServiceMetadataEndpoint" contract="IMetadataExchange" /> </service> </services> </system.serviceModel> </configuration>

  • Client configuration 

     <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" /> </startup> <system.serviceModel> <client> <endpoint address="net.tcp://serverName/wcftcpserver/TcpService.svc" binding="netTcpBinding" contract="WcfTcpServer.ITcpService" name="TcpServiceEndpoint"> <identity> <servicePrincipalName value="host/serverName.smth.smthElse.ro" /> </identity> </endpoint> </client> </system.serviceModel> </configuration>

That's, as you can see, the certificate-less configuration. Any step that I take towards using my self-signed certificates within this configuration, breaks the applications.

I use .NetFramework 4.5.1 for everything.

I would very much appreciate help with this problem. I can provide additional configurations I tried, if needed.

Is this even possible or am I trying in vain?

Thank you!

1 answers

solution1
 1 ACCPTED  2014-03-08 17:31:43

In short, yes, you can support multiple client credentials using what are known as Supporting Tokens .

From the linked article:

The example adds an X.509 binary security token in addition to a username security token. The token is passed in a WS-Security message header from the client to the service and part of the message is signed with the private key associated with the X.509 security token to prove the possession of the X.509 certificate to the receiver. This is useful in the case when there is a requirement to have multiple claims associated with a message to authenticate or authorize the sender.

On the topic of using NetTcpBinding over the internet:

NetTcpBinding is generally recommended for intranet scenarios. It is advised by much of what I have read to either use WsHttpBinding and BasicHttpBinding for internet scenarios depending on your requirements. If security is a top concern of yours - the recommended choice is WsHttpBinding with Message level security.

Guidelines on choosing a binding for an internet scenario: Internet Binding Scenarios .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WCF net.tcp with ssl WCF Net.Tcp transport UserName WCF net.tcp with signed certificate wcf net.tcp using SSL Joining an SSL .crt certificate with a private key for use with WCF's Net.Tcp binding Is Net.TCP with SSL certificate ok for use on internet WCF Transport Windows Authentication with NET.TCP only works locally Performance of WCF with net.tcp Selfhosted WCF Service with SSL and Username and Password authentication WCF Net.tcp VS SqlServer on net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM