[英]Encrypting WCF message (net.msmq) when signing is specified
我正在使用WCF通過MSMQ(net.msmq協議)發送消息。 一切順利,BizTalk服務器接收到該消息並進行處理。 但是,當我查看SVCLOG時,我看到將MsmqProtectionLevel專門設置為Sign時,消息已加密。
還有其他人看到過這種行為嗎? 是否可以停止加密? 我的某些郵件超過1MB,加密使事情變慢了。
提前致謝!
ChannelFactory<OnRampEntry> Factory
{
get
{
if (factory == null)
{
lock (this)
{
if (factory == null)
{
var uri = ResolveQueueName(new Uri(Url));
var identity = EndpointIdentity.CreateDnsIdentity(BizTalkIdentity);
var binding = new NetMsmqBinding(NetMsmqSecurityMode.Both)
{
DeadLetterQueue = DeadLetterQueue.System,
ExactlyOnce = true
};
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
binding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
binding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.WindowsDomain;
binding.Security.Transport.MsmqSecureHashAlgorithm = MsmqSecureHashAlgorithm.Sha1;
factory = new ChannelFactory<OnRampEntry>(binding, new EndpointAddress(uri, identity, (AddressHeaderCollection) null));
factory.Endpoint.Behaviors.Add(new LogonCertificateBehavior());
factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, BizTalkIdentity);
factory.Open();
}
}
}
return factory;
}
}
/// <summary>
/// MSMQ does not allow a DNS alias to be used in a queue name, e.g. "net.msmq://alias/private$/queue".
/// <b>ResolveQueueName</b> will tranlsate an alias to its actual machine name.
/// </summary>
/// <param name="uri"></param>
/// <returns></returns>
Uri ResolveQueueName(Uri uri)
{
var hostName = uri.DnsSafeHost;
try
{
var hostEntry = Dns.GetHostEntry(hostName);
var resolved = new Uri(uri.ToString().Replace(hostName, hostEntry.HostName));
if (log.IsDebugEnabled)
log.Debug(string.Format("Resolved '{0}' to '{1}'.", uri, resolved));
return resolved;
}
catch (SocketException e)
{
if (e.SocketErrorCode == SocketError.HostNotFound)
return uri;
throw e;
}
}
郵件被加密的原因是使用NetMsmqSecurityMode.Both-傳輸和郵件安全性。
var binding = new NetMsmqBinding(NetMsmqSecurityMode.Both)
在傳輸級別,以上配置使用
binding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
在WCF日志中查看,由於已進行消息級別的加密,因此無法查看在傳輸級別設置的內容。
不幸的是,這不能回答不使用證書對消息正文進行加密的情況下如何使用X.509證書對消息簽名的問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.