WCF basicHttpBinding: Transport Security Mode with clientCredentialType="None"

Original post: http://www.cnblogs.com/jfzhu/p/4071342.html

Please credit the source when reposting.

 

An earlier article, "WCF basicHttpBinding: Message Security Mode", showed how to use the Message security mode of basicHttpBinding with clientCredentialType set to certificate.

This article demonstrates basicHttpBinding with the Transport security mode and clientCredentialType="None".

 

 

(1) WCF service code and configuration file

IDemoService.cs

using System.ServiceModel;

namespace WCFDemo 
{    
    [ServiceContract(Name = "IDemoService")] 
    public interface IDemoService 
    { 
        [OperationContract] 
        [FaultContract(typeof(DivideByZeroFault))] 
        int Divide(int numerator, int denominator); 
    } 
}

 

DemoService.cs

using System; 
using System.ServiceModel; 
using System.ServiceModel.Activation;

namespace WCFDemo 
{ 
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] 
    public class DemoService : IDemoService 
    { 
        public int Divide(int numerator, int denominator) 
        { 
            try 
            { 
                return numerator / denominator; 
            } 
            catch (DivideByZeroException ex) 
            { 
                DivideByZeroFault fault = new DivideByZeroFault(); 
                fault.Error = ex.Message; 
                fault.Detail = "Denominator cannot be ZERO!"; 
                throw new FaultException<DivideByZeroFault>(fault); 
            }           
        } 
    } 
}

 

The complete code is also available in "Creating a WCF Service and Throwing Strongly Typed SOAP Faults".

 

server web.config

<?xml version="1.0"?> 
<configuration> 
    <system.web> 
      <compilation debug="true" targetFramework="4.0" /> 
    </system.web> 
    <system.serviceModel> 
      <bindings> 
        <basicHttpBinding> 
          <binding name="basicBinding"> 
            <security mode="Transport"> 
              <transport clientCredentialType="None" /> 
            </security> 
          </binding> 
        </basicHttpBinding> 
      </bindings> 
      <services> 
        <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior"> 
          <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />          
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint> 
        </service> 
      </services> 
        <behaviors> 
            <serviceBehaviors> 
                <behavior name="CustomBehavior"> 
                    <serviceMetadata httpsGetEnabled="true" /> 
                    <serviceDebug includeExceptionDetailInFaults="false" />                    
                </behavior> 
            </serviceBehaviors> 
        </behaviors> 
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    </system.serviceModel> 
</configuration> 

 

(2) Add an HTTPS binding to the WCF Service application

For the detailed procedure, see "Step by Step: Configuring an ASP.NET Web Application to Use HTTPS".

After configuring the HTTPS binding, double-click SSL Settings.

Select Require SSL and click Apply.

 

 

The HTTP binding is still required; without it, an error occurs (shown in a screenshot in the original post).
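The `mex` endpoint in the server web.config above uses mexHttpBinding, which is tied to the http scheme, so WCF looks for an http base address even though the service endpoint itself is HTTPS-only. The following is an added example, not part of the original post: a variant of the same system.serviceModel section that publishes metadata over mexHttpsBinding, on the assumption that the error in the lost screenshot is the missing http base address error for that endpoint. With metadata served over HTTPS, nothing in this configuration needs an http base address.

```xml
<!-- Added example: HTTPS-only variant of the server web.config shown earlier. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="basicBinding">
        <!-- Unchanged: TLS at the transport level, anonymous client -->
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior">
      <endpoint address="DemoService" binding="basicHttpBinding"
                contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />
      <!-- Before: binding="mexHttpBinding" (plain HTTP, requires an http base address) -->
      <!-- After:  mexHttpsBinding serves WS-MetadataExchange over HTTPS -->
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="CustomBehavior">
        <!-- WSDL is retrievable only via https://.../DemoService.svc?wsdl -->
        <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
```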


 

 

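(3) Install the SSL root certificate on the client

Because of the certificate used for HTTPS (shown in a screenshot in the original post), the WCF service URL we use is https://win-ounm08eqe64.henry.huang/DemoService.svc

On the client, add an entry for this host name to C:\Windows\System32\Drivers\etc\hosts.

Then install the root certificate.

Double-click the root certificate file to open the certificate properties dialog. At this point the root certificate is not trusted; it has to be added to "Trusted Root Certification Authorities", so click Install Certificate.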

 

(4) Client code and configuration file

On the client, add a Service Reference in Visual Studio.

 

private void buttonCalculate_Click(object sender, EventArgs e) 
{ 
    try 
    { 
        textBoxResult.Text = demoServiceClient.Divide(Convert.ToInt32(textBoxNumerator.Text), Convert.ToInt32(textBoxDenominator.Text)).ToString(); 
    } 
    catch (FaultException<DemoServiceReference.DivideByZeroFault> fault) 
    { 
        MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail); 
    } 
}

 

client app.config

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
    <system.serviceModel> 
        <bindings> 
            <basicHttpBinding> 
                <binding name="BasicHttpBinding_IDemoService"> 
                    <security mode="Transport" /> 
                </binding> 
            </basicHttpBinding> 
        </bindings> 
        <client> 
            <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService" 
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDemoService" 
                contract="DemoServiceReference.IDemoService" name="BasicHttpBinding_IDemoService" /> 
        </client> 
    </system.serviceModel> 
</configuration>

 

 

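(5) Run the code and monitor the messages

With Fiddler, all of the messages appear encrypted.

However, if you view the message log with Microsoft Service Trace Viewer (see "Using WCF's Trace and Message Log Features"), you can see the decrypted messages, because it does not listen on the wire, whereas Fiddler does.

[Screenshots in the original post: the request and the response as shown in Service Trace Viewer]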

 

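(6) Summary

Transport security mode encrypts at the transport-protocol level, while Message security mode encrypts at the message level. Each protocol has its own transport-level encryption mechanism; for HTTP, that mechanism is SSL.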

 

 

posted @ 2014-11-03 15:31  AI观星台