保护 WCF 服务的最简单方法 [英] Easiest way to protect WCF services

问题描述

我一直在环顾四周，但在我对 WCF 安全性的研究中并没有走得太远.我想创建一个低风险服务，所以我只希望域外不同服务器上的客户端能够使用它所需的一些基本安全性.

I've been looking around and haven't been getting very far in my research of WCF security. I have a low-risk service I want to create so I just want some basic security required for client's on different servers outside of the domain to be able to use it.

WCF 中最简单的方法是什么?难道只是通过使用证书?

What's the easiest way in WCF? Is it just through the use of certificates?

推荐答案

简单加密传输的最简单方法是，如果您只是使用 net.tcp 绑定，那么您可以打开传输安全或消息安全，而无需设置上个证书.

Easiest way to simply encrypt the transmission is if you're just using net.tcp binding, then you can turn on Transport security or Message security without needing to set up a certificate.

WsHttpBinding 消息级安全性(消息内容被加密)默认启用，不需要 SSL 证书.如果客户端在同一个 Windows 网络上，那么默认情况下它也会使用 Windows 身份验证和凭据，因此您应该能够启用传输安全性，而无需那里的 SSL 证书.

With WsHttpBinding message-level security (contents of the message are encrypted) is enabled by default and doesn't require an SSL cert. And if the clients are on the same Windows network then it'll use Windows Authentication and credentials by default, too, so you should be able to enable Transport security without needing an SSL cert there, either.

如果您想通过 HTTPS 向公共 Internet 公开您的服务，那么您需要获取 SSL 证书并将其绑定到运行该服务的服务器上的端口，使用 httpcfg.exe(Windows Server 附带)).

If you want to expose your service over HTTPS to the public internet then you'll need to obtain an SSL certificate and bind it to the port on the server that the service runs on, using httpcfg.exe (comes with Windows Server).

这篇关于保护 WCF 服务的最简单方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！