Security

1.使用证书

2.使用EndpointBehavior在Client和Server对message验证

public class MyEndPointBehavior : IEndpointBehavior
    {
        private string _uid;

        public string UID
        {
            get { return _uid; }
            set { _uid = value; }
        }

        private string _pwd;

        public string PDW
        {
            get { return _pwd; }
            set { _pwd = value; }
        }
        public MyEndPointBehavior(string uid, string pwd)
        {
            _uid = uid;
            _pwd = pwd;
        }
        public MyEndPointBehavior()
        {

        }
        public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
        {

        }

        /// <summary>
        /// 
        /// </summary>
        /// <param name="endpoint"></param>
        /// <param name="clientRuntime"></param>
        public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
        {
            clientRuntime.ClientMessageInspectors.Add(new MyClientMessageInspector(_uid, _pwd));
        }

        public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
        {
            endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new MyDispatchMessageInspector());
        }

        public void Validate(ServiceEndpoint endpoint)
        {

        }
    }

internal class MyClientMessageInspector : IClientMessageInspector
    {
        private string _uid;

        public string UID
        {
            get { return _uid; }
            set { _uid = value; }
        }

        private string _pwd;

        public string PDW
        {
            get { return _pwd; }
            set { _pwd = value; }
        }

        public MyClientMessageInspector(string uid, string pwd)
        {
            _uid = uid;
            _pwd = pwd;
        }

        public void AfterReceiveReply(ref Message reply, object correlationState)
        {

        }

        public object BeforeSendRequest(ref Message request, IClientChannel channel)
        {
            request.Headers.Add(MessageHeader.CreateHeader("uid", "", _uid));
            request.Headers.Add(MessageHeader.CreateHeader("pwd", "", _pwd));

            //Console.WriteLine("client before request");
            //Console.WriteLine(request);
            return request;
        }
    }

internal class MyDispatchMessageInspector : System.ServiceModel.Dispatcher.IDispatchMessageInspector
    {

        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
            string uid = request.Headers.GetHeader<string>("uid", "");
            string pwd = request.Headers.GetHeader<string>("pwd", "");

            if (uid == "vvf" && pwd == "123")
            {
                Console.WriteLine("login success");
            }

            //Console.WriteLine("server after receive request");
            //Console.WriteLine(request);
            return request;
        }

        public void BeforeSendReply(ref Message reply, object correlationState)
        {

        }
    }

static void Main(string[] args)
        {

            using (ServiceHost host = new ServiceHost(typeof(OrderService)))
            {
                host.Description.Endpoints[0].EndpointBehaviors.Add(new Lib04.MyEndPointBehavior());

                host.Opened += Host_Opened;
                host.Open();
                Console.ReadKey(); 
            }
        }

        private static void Host_Opened(object sender, EventArgs e)
        {
            Console.WriteLine("opened");
        }

static void Main(string[] args)
        {
            ServiceReference1.OrderServiceClient client = new ServiceReference1.OrderServiceClient();
            client.Endpoint.EndpointBehaviors.Add(new Lib04.MyEndPointBehavior("vvf", "123"));
            client.Do1(11);
            Console.ReadKey();
        }