我的WCF服务涉及在客户端和服务之间发送数据集(以csv格式)数据.必须对此数据集进行加密,以便无法拦截数据.我正在使用wshttpbinding并尝试使用web.config中的以下设置来加密消息:
<wsHttpBinding>
<binding name="wsHttp">
<reliableSession enabled="true" />
<security mode="Message">
<message clientCredentialType="UserName" algorithmSuite="TripleDes" />
</security>
</binding>
</wsHttpBinding>
当我尝试生成客户端代理时,我得到一个很长的错误消息框(无法完全读取,因为它离开了屏幕的底部!).错误消息确实提到了"未提供服务证书"的问题.
如何加密邮件?我需要证书吗?我应该提一下,这项服务将在不同领域的互联网上使用,所以我不确定使用"用户名"安全性是否是最佳选择(?)
基本上我很困惑!
我创建了WCF,我使用wsHttpBinding和MTOM作为消息传输,认证为"Windows".
现在我的服务不是当前的SECURE,它是普通的HTTP,在自定义端口上运行.
WCF的wsHttpBinding的Windows身份验证是否安全?任何人都可以看到密码或通过网络跟踪猜测?
环境信息:
这是app.config
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="metaAndErrors">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceAuthorization impersonateCallerForAllOperations="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="CustomServiceHost.CustomService"
behaviorConfiguration="metaAndErrors"
>
<endpoint address="" binding="wsHttpBinding"
bindingConfiguration="wsHttpLargeBinding"
contract="CustomServiceHost.ICustomService"/>
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:89/CustomService" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding
name="wsHttpLargeBinding" messageEncoding="Mtom"
maxReceivedMessageSize="2147483647">
<readerQuotas maxArrayLength="512000"/>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
以下是在运行时完成的客户端配置,
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Message.ClientCredentialType
= MessageCredentialType.Windows;
binding.Security.Mode = SecurityMode.Message;
binding.MessageEncoding = …