WCF Security
Certificates are installed on both the server and the client, and the two sides use them to encrypt their communication.
Configure wsHttpBinding with message-level username authentication. First, configure validation against the Windows account store.
Server-side configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <services>
      <service name="Server.EchoClaims" behaviorConfiguration="echoClaimsBehavior">
        <endpoint address="EchoClaims" binding="wsHttpBinding" bindingConfiguration="echoClaimsBinding" contract="Server.IEchoClaims"></endpoint>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="echoClaimsBinding">
          <!-- Message security: the username token travels inside the SOAP message, encrypted with the service certificate -->
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="true"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="echoClaimsBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="CN=WCFServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
            <!-- "Windows" checks the supplied username/password against Windows accounts -->
            <userNameAuthentication userNamePasswordValidationMode="Windows"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
Client configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IEchoClaims">
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="echoClaimsBehavior">
          <clientCredentials>
            <serviceCertificate>
              <!-- "None"/"NoCheck" skips validation of the service certificate chain and revocation status;
                   this suits a self-signed test certificate, not a production deployment (use ChainTrust or PeerTrust there) -->
              <authentication certificateValidationMode="None" revocationMode="NoCheck"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="http://localhost:8000/EchoClaims" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IEchoClaims" contract="EchoService.IEchoClaims" name="WSHttpBinding_IEchoClaims" behaviorConfiguration="echoClaimsBehavior">
        <identity>
          <!-- encodedValue holds the base64-encoded service certificate; the blob is omitted here -->
          <certificate encodedValue="[base64 certificate omitted]" />
          <dns value="WCFServer"/>
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
2. A custom membership provider as the identity store:
Any membership provider must derive from the System.Web.MembershipProvider base class and implement several of its methods in order to validate and manage the application's users. In WCF only the ValidateUser method is needed; it is used to validate the user's credentials.
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

namespace Server
{
    public class MyMembershipProvider : UserNamePasswordValidator
    {
        // WCF calls Validate for every message that carries a UserName token;
        // throwing from it rejects the message.
        public override void Validate(string userName, string password)
        {
            // Fixed demo credentials used by this post; a real validator would
            // look the user up in an identity store.
            if (userName != "joe" || password != "bar")
            {
                throw new SecurityTokenValidationException("The user could not be authenticated.");
            }
        }
    }
}
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
  </startup>
  <system.serviceModel>
    <services>
      <service name="Server.EchoClaims" behaviorConfiguration="echoClaimsBehavior">
        <endpoint address="EchoClaims" binding="wsHttpBinding" bindingConfiguration="echoClaimsBinding" contract="Server.IEchoClaims"></endpoint>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="echoClaimsBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="true"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="echoClaimsBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="CN=WCFServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
            <!-- "Custom" hands the username/password to the validator type named below
                 (assembly-qualified: "Namespace.Type, Assembly") -->
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="Server.MyMembershipProvider, Server"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
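As an added example that is not part of the original post, the following hypothetical validator keeps the same UserNamePasswordValidator hook as MyMembershipProvider above but stores only salted PBKDF2 hashes and compares them in fixed time; the class name, Register, Derive and FixedTimeEquals are assumptions, and the in-memory store is constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace Server
{
    // Added example (hypothetical class, not from the original post): the same WCF hook,
    // but passwords are checked against salted PBKDF2 hashes with a fixed-time comparison.
    public class HashedUserNamePasswordValidator : UserNamePasswordValidator
    {
        private const int Iterations = 100000, SaltSize = 16, HashSize = 32;
        private static readonly byte[] DummySalt = new byte[SaltSize];
        // Constructed in-memory store (user -> salt, hash); a real service would load it
        // from its user database. Only the hash is kept, never the password itself.
        private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
            new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);
        public static void Register(string userName, string password)
        {
            var salt = new byte[SaltSize];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
            Users[userName] = Tuple.Create(salt, Derive(password, salt));
        }
        // WCF calls this for every incoming message that carries a UserName token.
        public override void Validate(string userName, string password)
        {
            Tuple<byte[], byte[]> entry;
            bool known = Users.TryGetValue(userName, out entry);
            // Derive even for unknown users so response time does not reveal valid names.
            byte[] actual = Derive(password, known ? entry.Item1 : DummySalt);
            if (!known || !FixedTimeEquals(entry.Item2, actual))
                throw new SecurityTokenValidationException("The user could not be authenticated.");
        }

        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
                return kdf.GetBytes(HashSize);
        }

        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

To use it in place of MyMembershipProvider, point customUserNamePasswordValidatorType in the service configuration at "Server.HashedUserNamePasswordValidator, Server" and call Register for each account before the host opens.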
8.3.2 Username authentication built on transport-layer security
posted on 2014-07-08 09:58 by Henry_Wang