如何在WCF中启用带有SSL wsHttpBinding的会话
[英]How to enable Session with SSL wsHttpBinding in WCF
问题描述
我有一个WCF服务,启用了wsHttpBindings和SSL,但是我想启用WCF会话。
将SessionMode更改为required后
SessionMode:=SessionMode.Required
我收到的错误如下所述。
合同需要Session,但Binding'WSHttpBinding'不支持它,或者没有正确配置以支持它。
这是我的示例应用程序。
App.config中
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<client />
<bindings>
<wsHttpBinding>
<binding name="NewBinding0" useDefaultWebProxy="false" allowCookies="true">
<readerQuotas maxStringContentLength="10240" />
<!--reliableSession enabled="true" /-->
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" >
<extendedProtectionPolicy policyEnforcement="Never" />
</transport >
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="WcfServiceLib.TestService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"
contract="WcfServiceLib.ITestService">
<identity>
<servicePrincipalName value="Local Network" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://test/TestService.svc" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
ITestService.vb
<ServiceContract(SessionMode:=SessionMode.Required)>
Public Interface ITestService
<OperationContract(IsInitiating:=True, IsTerminating:=False)> _
Function GetData(ByVal value As Integer) As String
End Interface
TestService.vb
<ServiceBehavior(InstanceContextMode:=InstanceContextMode.PerSession, _
ReleaseServiceInstanceOnTransactionComplete:=False, _
ConcurrencyMode:=ConcurrencyMode.Single)>
Public Class TestService
Implements ITestService
Private _user As User
<OperationBehavior(TransactionScopeRequired:=True)>
Public Function GetData(ByVal value As Integer) As String _
Implements ITestService.GetData
If _user Is Nothing Then
_user = New User()
_user.userName = "User_" & value
_user.userPassword = "Pass_" & value
Return String.Format("You've entered: {0} , Username = {1} , Password = {2} ", _
value, _user.userName, _user.userPassword)
Else
Return String.Format("Username = {1} , Password = {2} ", _
_user.userName, _user.userPassword)
End If
End Function
End Class
我尝试了所有可能的解决方案,但是没有任何帮助。
一些建议是为了启用可靠的会话 ,但它不适用于ssl (如果只有你的自定义绑定),其他建议使用http而不是https ,但我想用我当前的配置启用Sessions,如果可能的话。
有没有办法实现这个目标?
任何形式的帮助都非常感谢。
3 个解决方案
解决方案1
19 已采纳 2012-10-04 10:42:40
如果您想要与wsHttpBinding“会话”,则必须使用可靠的消息传递或安全会话。 (来源: 如何使用wsHttpBidning和仅传输安全性启用WCF会话 )。
WSHttpBinding支持会话,但仅在启用安全性(SecureConversation)或可靠消息传递时才支持。 如果您正在使用传输安全性,则它不使用WS-SecureConversation,并且默认情况下WS-ReliableMessaging处于关闭状态。 因此,WSHttpBinding用于会话的两个协议不可用。 您需要使用邮件安全性或打开可靠的会话。 (来源: http : //social.msdn.microsoft.com/Forums/en-US/wcf/thread/57b3453e-e7e8-4875-ba23-3be4fff080ea/ )。
我们在标准绑定中禁止使用RM而不是Https,因为保护RM会话的方法是使用安全会话而Https不提供会话。
我在这里找到了msdn blurb: http : //msdn2.microsoft.com/en-us/library/ms733136.aspx模糊是“唯一的例外是使用HTTPS时。 SSL会话未绑定到可靠会话。 这会产生威胁,因为共享安全上下文(SSL会话)的会话不会相互保护; 根据应用程序的不同,这可能是也可能不是真正的威胁。“
但是,如果您确定没有威胁,则可以执行此操作。 通过自定义绑定有一个RM over HTTPS示例http://msdn2.microsoft.com/en-us/library/ms735116.aspx (来源: http : //social.msdn.microsoft.com/forums/en-US/ wcf / thread / fb4e5e31-e9b0-4c24-856d-1c464bd0039c / )。
总结您的可能性,您可以:
1 - 保留wsHttpBinding,删除传输安全性并启用可靠的消息传递
<wsHttpBinding>
<binding name="bindingConfig">
<reliableSession enabled="true" />
<security mode="None"/>
</binding>
</wsHttpBinding>
但是你松开了SSL层,然后放弃了部分安全性。
2 - 保留wsHttpBinding,保持传输安全性并添加消息身份验证
<wsHttpBinding>
<binding name="bindingConfig">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
您可以保留SSL安全层,但是您的客户端必须提供(任何形式的)凭据,即使您未在服务端验证它们,仍必须提供假的,因为WCF将拒绝任何未指定凭据的消息。
3 - 使用具有可靠消息传递和HTTPS传输的自定义绑定
<customBinding>
<binding name="bindingConfig">
<reliableSession/>
<httpsTransport/>
</binding>
</customBinding>
除了在MSDN中解释的威胁之外,我看不出任何不利因素,这取决于您的应用程序。
4 - 使用其他会话提供程序如果您的应用程序在IIS中被激活,则可以进行设置
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
并依赖于
HttpContext.Current.Session
为你的州。
或者实现自己的cookie。
PS:请注意,对于所有这些WCF配置,我只测试了服务激活,而不是调用。
编辑:根据用户请求, wsHttpBinding与TransportWithMessageCredential安全模式实现会话(我不太熟悉VB.NET所以请原谅我的语法):
服务代码段:
<ServiceContract(SessionMode:=SessionMode.Required)>
Public Interface IService1
<OperationContract()> _
Sub SetSessionValue(ByVal value As Integer)
<OperationContract()> _
Function GetSessionValue() As Nullable(Of Integer)
End Interface
<ServiceBehavior(InstanceContextMode:=InstanceContextMode.PerSession,
ConcurrencyMode:=ConcurrencyMode.Single)>
Public Class Service1
Implements IService1
Private _sessionValue As Nullable(Of Integer)
Public Sub SetSessionValue(ByVal value As Integer) Implements IService1.SetSessionValue
_sessionValue = value
End Sub
Public Function GetSessionValue() As Nullable(Of Integer) Implements IService1.GetSessionValue
Return _sessionValue
End Function
End Class
Public Class MyUserNamePasswordValidator
Inherits System.IdentityModel.Selectors.UserNamePasswordValidator
Public Overrides Sub Validate(userName As String, password As String)
' Credential validation logic
Return ' Accept anything
End Sub
End Class
服务配置代码段:
<system.serviceModel>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior">
<endpoint address="" binding="wsHttpBinding" contract="WcfService1.IService1" bindingConfiguration="bindingConf"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="bindingConf">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfService1.MyUserNamePasswordValidator, WcfService1"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
客户端测试代码段:
Imports System.Threading.Tasks
Module Module1
Sub Main()
Parallel.For(0, 10, Sub(i) Test(i))
Console.ReadLine()
End Sub
Sub Test(ByVal i As Integer)
Dim client As ServiceReference1.Service1Client
client = New ServiceReference1.Service1Client()
client.ClientCredentials.UserName.UserName = "login"
client.ClientCredentials.UserName.Password = "password"
Console.WriteLine("Session N° {0} : Value set to {0}", i)
client.SetSessionValue(i)
Dim response As Nullable(Of Integer)
response = client.GetSessionValue()
Console.WriteLine("Session N° {0} : Value returned : {0}", response)
client.Close()
End Sub
End Module
解决方案2
1 2012-10-04 09:23:17
默认情况下,WSHttpBinding仅允许安全会话。 它是WCF的概念,与Transport无关。 安全会话不是通过https的会话,而是具有相互身份验证的会话。 这是通过添加消息安全性来实现的。
根据您的服务,您应该应用此配置
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfig">
<security mode="TransportWithMessageCredential">
<!-- configure transport & message security here if needed-->
</security>
</binding>
</wsHttpBinding>
</bindings>
在客户端,这是一个简单的单元测试
[TestMethod]
public void TestSecuritySession()
{
//remove this is certificate is valid
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) => { return true; });
var binding = new WSHttpBinding();
binding.Security = new WSHttpSecurity() { Mode = SecurityMode.TransportWithMessageCredential};
ChannelFactory<ITestService> Factory = new ChannelFactory<ITestService>(binding, new EndpointAddress("https://localhost/TestService.svc"));
Factory.Open();
var channel = Factory.CreateChannel();
//call service here
(channel as IClientChannel).Close();
Factory.Close();
}
解决方案3
1 2012-10-04 09:55:48
wsHttpBinding需要reliableSession来支持WCF会话,可靠的会话需要自定义绑定来支持ssl。 因此,就我所知,在ssl和wsHttpBinding上请求WCF会话似乎是不可能的。
具有WsHttpBinding的WCF安全TransportWithMessageCredentials
[英]WCF security TransportWithMessageCredentials with WsHttpBinding
如何使用wsHttpBidning和仅传输安全性启用WCF会话
[英]how to enable WCF Session with wsHttpBidning with Transport only Security
使用WSHttpBinding时如何限制对本地计算机的WCF服务的访问?
[英]How to restrict access to a WCF service to the local machine when using WSHttpBinding?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.