没时间细细研究了,谁贴一个wcf安全的配置,100分
研究了快一天,来不急了,哪位高人贴下配置。采用后加到200分。使用Message Security传输安全模式,使用wsHttpBinding绑定 ,客户端凭证使用username。
客户端和服务器端如何配置? --------------------编程问答-------------------- --------------------编程问答-------------------- 帮顶
--------------------编程问答-------------------- 顶 --------------------编程问答-------------------- <?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="OCFA_WebServiceLibrary.WebServiceBehavior"
name="OCFA_WebServiceLibrary.WebService">
<endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfiguration"
name="wsHttpBindingEndPoint" contract="OCFA_WebServiceLibrary.IWebService" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
name="mexHttpBindingEndPoint" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://192.168.40.177:17102" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="OCFA_WebServiceLibrary.WebServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication
customCertificateValidatorType="OCFA_WebServiceLibrary.CustomX509CertificateValidator, OCFA_WebServiceLibrary"
certificateValidationMode="Custom" />
</clientCertificate>
<serviceCertificate
findValue="OCFA_WebService"
storeLocation="LocalMachine"
storeName="Root"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfiguration">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration> --------------------编程问答-------------------- 还没研究过wcf哈,帮顶 --------------------编程问答-------------------- 帮顶吧 --------------------编程问答-------------------- public class CustomX509CertificateValidator : X509CertificateValidator
{
public override void Validate(X509Certificate2 certificate)
{
Console.WriteLine("Certificate Subject is :{0}", certificate.Subject);
Console.WriteLine("Certificate Thumbprint is :{0}", certificate.Thumbprint);
//This is the Client Certificate Thumbprint,In Production,We can validate the Certificate With CA
if (certificate.Thumbprint != "862cefb4925a0c248b0ef461a848bc256a488d31")
{
Console.WriteLine("CertificateValidatation is failed !{0}", certificate.Subject);
throw new SecurityTokenException("Unknown Certificate");
}
else
{
Console.WriteLine("CertificateValidatation is sucessfully !:{0}", certificate.Subject);
}
}
--------------------编程问答-------------------- 看了一下网上的资料,都需要x509证书.
http://www.cnblogs.com/frank_xl/archive/2009/02/28/1400007.html
但有一个silverlight的实例,是基于basichttpbinding的.这个没提到证书.
--------------------编程问答-------------------- x509证书配置比较麻烦,这个是不需要证书的一个实例.但总看着不爽.
http://www.codeproject.com/KB/webservices/ClearUsernameBinding.aspx --------------------编程问答-------------------- x509证书配置确实比较麻烦 --------------------编程问答-------------------- .......x509证书配置比较麻烦,这个是不需要证书的一个实例.但总看着不爽.
http://www.codeproject.com/KB/webservices/ClearUsernameBinding.aspx --------------------编程问答-------------------- 没有用过 帮顶 --------------------编程问答-------------------- 没有用过 帮顶 --------------------编程问答-------------------- 可是不能配置sl3使用啊,sl3只能用basicHttpBinding绑定 --------------------编程问答-------------------- http://www.cnblogs.com/virusswb/archive/2010/01/25/1655748.html
这个帖子的问题,大家可以帮忙解决一下,谢谢了
补充:.NET技术 , Web Services