WCF sessions with HTTPS

Problem description

I cannot figure out how to enable per-session instances for my WCF service while using HTTPS. (I'm not an ASP.NET expert but don't want to use ASP.NET session state if possible.) I am using .NET Framework 3.0.

I have arrived at the following contradiction and am hoping that someone can tell me where there is a flaw in the logic.

1) The service must be hosted on IIS 6 due to client mandate.

2) The service needs to maintain state between calls, including SqlConnection and SqlTransaction instances (ugly but necessary due to project constraints).

3) Therefore I need to use the wsHttpBinding.

4) The service needs to be able to access user authentication info from HttpContext.Current.User.Identity (e.g. using Windows security in IIS).

5) HTTPS is therefore required.

6) Transport-level security must therefore be configured on the binding.

7) Configuring the service to require sessions means I have to configure the wsHttpBinding to use Reliable Sessions.

8) This requires that message-level security is configured on the binding.

I.e. (6) and (8) are mutually exclusive.

It seems that using WCF sessions requires that I use message-level security, which prevents me from using HTTPS.

What am I missing?

Recommended answer

3) True, wsHttpBinding and wsDualHttpBinding are the only HTTP bindings that support sessions

5) False, in order to authenticate the service callers you don't necessarily need to have any transport-level security (such as SSL/HTTPS). The only requirement is to configure IIS to enable Integrated Windows Authentication for a virtual directory. Then in WCF you have three possibilities to enable this scenario:

a) Use transport-level security on the wsHttpBinding with Windows credentials (HTTPS)

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="SecurityEnabledWsHttp">
                <security mode="Transport">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
</system.serviceModel>

b) Use message-level security on the wsHttpBinding with Windows credentials (HTTP)

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="SecurityEnabledWsHttp">
                <security mode="Message">
                    <message clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
</system.serviceModel>

c) Run your service under the ASP.NET Compatibility Mode and enable Windows Authentication in ASP.NET (HTTP)

<system.web>
    <authentication mode="Windows" />
</system.web>

Note that in a and b you will access the identity of the caller from within a service this way:

OperationContext.Current.ServiceSecurityContext.WindowsIdentity

6) True, transport-level security must be enabled on the wsHttpBinding in order to use HTTPS

7) False, Reliable Sessions is a particular implementation of Reliable Messaging for WCF sessions. Reliable Messaging is a WS-* standard specification designed to guarantee message delivery on an unreliable network. You can use WCF sessions without Reliable Messaging, and vice versa. Sessions are enabled on the service contract with this attribute:

[ServiceContract(SessionMode=SessionMode.Required)]
public interface IMyService {
    // ...
}

Also remember that in order to maintain state between service calls you will explicitly have to enable the appropriate instance mode on the service contract implementation:

[ServiceBehavior(InstanceContextMode=InstanceContextMode.PerSession)]
public class MyService : IMyService {
    // ...
}

There are two kinds of sessions in WCF: Secure Sessions and Reliable Sessions. The default setting for both wsHttpBinding and netTcpBinding is to use Secure Sessions.
For wsHttpBinding this is accomplished with message-level security by using the client's credentials, which is the default setting for the binding.
For netTcpBinding instead, the session is established at the transport level by using the facilities of the TCP protocol.
This means that simply switching to wsHttpBinding or netTcpBinding will enable support for WCF sessions.
The alternative is to use Reliable Sessions. This has to explicitly be enabled in the binding configuration, and removes the requirement of using message security for the wsHttpBinding. So this will work:

<bindings>
    <wsHttpBinding>
        <binding name="ReliableSessionEnabled">
            <reliableSession enabled="True" ordered="False" />
            <security mode="None" />
        </binding>
    </wsHttpBinding>
</bindings>

8) False, Reliable Sessions are used independently of the security settings of the communication channel.

For a more detailed explanation, have a look at this article.
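
For the HTTPS case the question asks about, WCF also allows a custom binding that layers a reliable session directly over httpsTransport, so the session does not depend on `<security mode="None" />` over plain HTTP. The configuration below is an added example, not part of the original answer; the binding name and the `MyNamespace` prefix are hypothetical, and it assumes the IIS site has an SSL certificate bound and Integrated Windows Authentication enabled on the virtual directory.

```xml
<system.serviceModel>
  <bindings>
    <customBinding>
      <!-- Hypothetical binding name. Element order matters in a custom
           binding: protocol channels first, then the message encoding,
           and the transport element last. -->
      <binding name="ReliableSessionOverHttps">
        <!-- Provides the WCF session required by SessionMode.Required -->
        <reliableSession ordered="true" />
        <textMessageEncoding />
        <!-- TLS protects the channel; Negotiate carries the caller's
             Windows credentials at the HTTP layer, matching Integrated
             Windows Authentication in IIS. -->
        <httpsTransport authenticationScheme="Negotiate" />
      </binding>
    </customBinding>
  </bindings>
  <services>
    <!-- MyService / IMyService are the types shown earlier on the page;
         the namespace is an assumption. -->
    <service name="MyNamespace.MyService">
      <endpoint address=""
                binding="customBinding"
                bindingConfiguration="ReliableSessionOverHttps"
                contract="MyNamespace.IMyService" />
    </service>
  </services>
</system.serviceModel>
```

With this binding the endpoint address must use the https scheme, and a client needs the same three binding elements in the same order.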
