如何在WCF Web服务中关闭SecureConversationToken [英] How to turn off SecureConversationToken in WCF web service

查看:156
本文介绍了如何在WCF Web服务中关闭SecureConversationToken的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个带WS- *安全性的WCF Web服务,我需要使用WSS4J API为它编写Java客户端。
但是,事实证明WSS4J不支持< SecurityContextToken> < DerivedKeyToken> 标签,特定于WS-SecureConversation。

I have a WCF web service with WS-* security and I need to write a Java client for it using WSS4J API. But, as it turns out WSS4J does not support the <SecurityContextToken> and <DerivedKeyToken> tags, which are specific to WS-SecureConversation.

有没有办法通过代码或更好的方式通过web.config关闭它?

is there a way to turn it off via code or better, via web.config?

更新:

服务定义:

      <service name="my.service" 
           behaviorConfiguration="SecureTransport">
    <endpoint 
      address="mex" 
      binding="mexHttpBinding" 
      contract="IMetadataExchange" />
    <endpoint 
      contract="my.interface" 
      binding="wsHttpBinding" 
      bindingConfiguration="UsernameAndPassword"/>
  </service>

行为和约束:

<behaviors>
  <serviceBehaviors>
    <behavior name="SecureTransport">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <userNameAuthentication   userNamePasswordValidationMode="Custom"
                                  customUserNamePasswordValidatorType="example.API.Security.CustomUserNameValidator, APISecurity" />
        <serviceCertificate findValue="CN=Example" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="UsernameAndPassword">
      <security mode="Message">
        <message clientCredentialType="UserName" />            
      </security>
    </binding>
  </wsHttpBinding>
</bindings>


推荐答案

只需转动安全上下文,也可能在绑定中进行协商配置:

Just turn security context and probably also negotiation in your binding configuration:

<bindings>
  <wsHttpBinding>
    <binding name="UsernameAndPassword">
      <security mode="Message">
        <message clientCredentialType="UserName" establishSecurityContext="false"
                 negotiateServiceCredential="false" />            
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

这篇关于如何在WCF Web服务中关闭SecureConversationToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆