WCF服务 - 服务器上安装的SSL证书向客户端指示其安全且需要证书才能访问其服务。另一方面，服务器如何知道客户端...... [英] WCF Services - SSL certificate installed on server indicates to clients that its secure and needs a certificate to access it's services. On the other side, How does a server know that the client...

问题描述

服务器上安装的SSL证书向客户端表明其安全且需要证书才能访问其服务。服务器如何知道打电话的客户端是安全客户端？

服务器是否真的需要知道主叫客户端是否是安全客户端？是不是SSL证书足够检查？



根据我的理解，在IIS上分配给服务的SSL证书使其成为安全传输，客户端需要通过HTTPS进行调用。服务器从客户端接收呼叫时会查找SSL证书，以确保客户端是合法的，并且应该根据请求传输数据。我与之进行过讨论的人没有告诉我如果客户端是安全的，服务器如何验证，但他表示有办法。请分享您的想法。

SSL certificate installed on server indicates to clients that its secure and needs a certificate to access it's services. How does a server know that the client making a call is a secure client?
Does the server really need to know if the calling client is a safe client? Isnt an SSL certficate check enough?

As per my understanding SSL certificate being assigned to a service on IIS makes it a secure transfer and the client needs to make calls via HTTPS. Server when receives a call from the client looks for the SSL certificate to make sure the client is a legit one and should be transmitting data on request. The person i had this discussion with, did not tell me how server validates if a client is secure but he indicated there is a way. Please share your thoughts.

推荐答案

搜索网页并阅读一些资料后，这就是我的理解。



SSL证书（由第三方发布）将通过我们想要公开的IIS添加到wcf服务。这只会确保服务器是安全的。现在，需要来自wcf服务器的信息的客户端将通过共享它拥有的SSL版本以及它想要的信息来启动SSL握手。

现在服务器向客户端发送它拥有的SSL证书。该证书应该由客户信任，或者应该由客户信任的第三方（例如 - verisign）信任。



一旦客户知道这是服务器真正打算连接信息，交换密钥。服务器和客户端现在都可以计算加密密钥。客户端告诉服务器可以加密进一步的通信，并向服务器发送加密和验证的消息。



服务器最终验证是否可以正确解密经过身份验证的消息，它通过消息通知客户端，客户端也会验证。



现在握手过程已经完成。非常有趣的是知道当SSL证书用于安全交易时幕后发生的事情。



非常详细的信息可在： http://security.stackexchange.com/questions/20803/how-does-ssl-work [ ^ ]

After searching the web and reading through some material, This is what i understand.

SSL certificates (issued by third party) are to be added to the wcf service via IIS which we want to expose. This will only make sure that the server is secured. Now a client needing information from the wcf server would initiate a SSL handshake by sharing the SSL version it has and the information it is wanting.
Now server send the client the SSL certificate it has. This certificate should be either trusted by teh client or should be trusted by a third party (example - verisign)the client trusts.

Once the client knows that this is the server its really intended to connect for information, A key is exchanged. Both server and client now can compute the encrypted key. The client tells the server that further communication can be encrypted and sends an encrypted and authenticated message to the server.

The server finally verifies if the authenticated messaged can be decrypted correctly, it informs the client via a message and the client verifies as well.

Now the process of handshake is complete. Very interesting to know what happens behind the scene when SSL certificates are used for secure transactions.

Very detailed information available at : http://security.stackexchange.com/questions/20803/how-does-ssl-work[^]

这篇关于WCF服务 - 服务器上安装的SSL证书向客户端指示其安全且需要证书才能访问其服务。另一方面，服务器如何知道客户端......的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！