【问题标题】:Message Encryption not working with wsHTTPBinding消息加密不适用于 wsHTTPBinding
【发布时间】:2014-12-12 15:56:29
【问题描述】:

我似乎无法让消息加密适用于 wsHTTPBinding。

我的设置是:

  1. IIS 服务器
  2. 默认网站需要 SSL,并且绑定到我使用 IIS 自签名证书链接使用的自签名证书。
  3. SSL 允许证书。
  4. 在我的 Web 服务的 Web.Config 中,我打开了日志记录,这就是我看到消息未加密的方式。
  5. Web.Config 如下
  6. 调用应用的应用配置如下。

我相信 SSL 正在按预期工作,因为当我尝试使用 http 访问 Web 服务时出现错误。 “您尝试访问的页面受安全套接字层 (SSL) 保护。”如果我使用 https 访问网络服务,我会得到提供元数据链接的标准服务页面。

证书名 pc548.fuzzywig.com 是虚构的,但我在那里实际使用的证书似乎可以正常工作。

网页配置

<?xml version="1.0"?>
<!-- Service-side Web.config for the WCF DOLService host. Per the question text the IIS site requires SSL,
     so every endpoint declared below is reached over HTTPS. -->
<configuration>

  <system.diagnostics>
    <!-- Trace source for WCF message logging; switchValue decides which trace events reach the listeners. -->
    <sources>
      <source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
        <listeners>
          <add type="System.Diagnostics.DefaultTraceListener" name="Default">
            <filter type="" />
          </add>
          <add name="ServiceModelMessageLoggingListener">
            <filter type="" />
          </add>
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <!-- Writes the logged messages to a .svclog file. Because logEntireMessage is enabled under
           system.serviceModel/diagnostics below, this file contains full headers and bodies.
           NOTE(review): the path is inside a github checkout; make sure the .svclog is not committed or
           served, since anything the clients send (including credentials) may end up in it. -->
      <add initializeData="c:\github\idjcwebservices\dolwebservicehost\web_messages.svclog"
        type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
        name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
        <filter type="" />
      </add>
    </sharedListeners>
    <trace autoflush="true" />
  </system.diagnostics>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="false" targetFramework="4.5.1" />
    <httpRuntime targetFramework="4.5.1"/>
  </system.web>

  <system.serviceModel>
    <diagnostics>
      <!-- Log whole messages, including malformed ones, at the transport level.
           NOTE(review): presumably a transport-level log on the server is taken after TLS has been
           terminated, which would explain why the trace at the end of the question shows a readable body
           even though the channel is HTTPS; confirm against the WCF message-logging documentation. -->
      <messageLogging logEntireMessage="true" logMalformedMessages="true"
        logMessagesAtTransportLevel="true" />
    </diagnostics>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_DOLService">
          <!-- NOTE(review): with mode="TransportWithMessageCredential" the transport (HTTPS) is what is
               expected to provide confidentiality; the message layer carries the client credential rather
               than encrypting the body. If WS-Security body encryption is the actual goal, mode="Message"
               is the setting to compare against; confirm before changing. -->
          <security mode="TransportWithMessageCredential">
            <!-- NOTE(review): the client App.config for this same binding sets transport
                 clientCredentialType="None"; the two listings disagree here. -->
            <transport clientCredentialType="Certificate" ></transport>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>

      <serviceBehaviors>
        <behavior name="serviceCredentialBehavior">
          <!-- Publishes WSDL over both plain-HTTP and HTTPS GET. -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- Returns exception details to callers inside SOAP faults; handy while debugging, but it
               exposes internal details to every client and is normally switched off for deployment. -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <!-- Service certificate and the store used for client certificates both resolve to the same
                 subject name, so one certificate is playing both roles in this setup.
                 NOTE(review): no <authentication certificateValidationMode="..."/> is set under
                 clientCertificate, so the WCF default applies; with a self-signed certificate it is worth
                 making the validation mode explicit. -->
            <serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName"/>
            <clientCertificate>
              <certificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="pc548.fuzzywig.com"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors> 
    <services>
      <service name="JuvenileDataShare.DOLService.DOLService" behaviorConfiguration="serviceCredentialBehavior">
        <!-- Application endpoint, addressed by the HTTPS URL of the service. -->
        <endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
                  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_DOLService"
                  contract="JuvenileDataShare.DOLService.IDOLService">
          <identity>
            <certificateReference storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName" />
          </identity>
        </endpoint>
        <!-- Metadata endpoint. NOTE(review): mexHttpBinding is plain HTTP while the site requires SSL;
             the accepted answer on this page switches it to mexHttpsBinding and refreshes the
             service reference afterwards. -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>

  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>

        <!--To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.-->

    <!-- NOTE(review): directory browsing is currently enabled, contrary to the deployment advice in the
         comment above; it lists the application folder contents to anyone who can reach the site. -->
    <directoryBrowse enabled="true"/>
  </system.webServer>

</configuration>

应用程序配置

<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side App.config for the application that calls the DOLService over HTTPS. -->
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
    </startup>
    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <!-- Client copy of the service binding; the security settings have to agree with the ones in
               Web.config for the call to succeed.
               NOTE(review): transport clientCredentialType is "None" here but "Certificate" on the service
               side; confirm whether that mismatch matters for mode="TransportWithMessageCredential". -->
          <binding name="WSHttpBinding_IDOLService">
            <security mode="TransportWithMessageCredential">

              <transport clientCredentialType="None" />
              <message clientCredentialType="Certificate" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
        <client>
            <!-- Endpoint generated by the service reference; the identity block carries the service
                 certificate as an encoded value (elided in this listing). -->
            <endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDOLService" behaviorConfiguration="endpointCredentialBehavior"
                contract="ServiceReference1.IDOLService" name="WSHttpBinding_IDOLService">
                <identity>
                    <certificate encodedValue="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" />
                </identity>
            </endpoint>
        </client>
      <behaviors>
        <endpointBehaviors>
          <behavior name="endpointCredentialBehavior">
            <clientCredentials>
              <!-- Client certificate presented at the message layer, looked up in LocalMachine\My by
                   subject name. It is the same subject name as the service certificate in Web.config,
                   so a single certificate is used for both sides of this test setup. -->
              <clientCertificate findValue="pc548.fuzzywig.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>
</configuration>

最后是日志显示它没有加密。

<MessageLogTraceRecord>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IDOLService/HelloWorld2Response</a:Action>
<a:RelatesTo>urn:uuid:ede09c2c-b46f-4277-970a-c41b556ce3d9</a:RelatesTo>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-12-12T15:54:47.304Z</u:Created>
<u:Expires>2014-12-12T15:59:47.304Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<HelloWorld2Response xmlns="http://tempuri.org/">
<HelloWorld2Result>Hello World2 @ 12/12/2014 8:54:47 AM</HelloWorld2Result>
</HelloWorld2Response>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>

【问题讨论】:

    标签: wcf ssl encryption wcf-security


    【解决方案1】:

    将 mexHttpBinding 更改为 mexHttpsBinding,然后通过“更新服务参考”更新元数据。进行这些更改后再次检查。希望这会有所帮助。

    【讨论】: