如何在WCF Web服务中关闭SecureConversationToken [英] How to turn off SecureConversationToken in WCF web service
本文介绍了如何在WCF Web服务中关闭SecureConversationToken的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个带WS- *安全性的WCF Web服务,我需要使用WSS4J API为它编写Java客户端。
但是,事实证明WSS4J不支持< SecurityContextToken>
和< DerivedKeyToken>
标签,特定于WS-SecureConversation。
I have a WCF web service with WS-* security and I need to write a Java client for it using WSS4J API.
But, as it turns out WSS4J does not support the <SecurityContextToken>
and <DerivedKeyToken>
tags, which are specific to WS-SecureConversation.
有没有办法通过代码或更好的方式通过web.config关闭它?
is there a way to turn it off via code or better, via web.config?
更新:
服务定义:
<service name="my.service"
behaviorConfiguration="SecureTransport">
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
<endpoint
contract="my.interface"
binding="wsHttpBinding"
bindingConfiguration="UsernameAndPassword"/>
</service>
行为和约束:
<behaviors>
<serviceBehaviors>
<behavior name="SecureTransport">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="example.API.Security.CustomUserNameValidator, APISecurity" />
<serviceCertificate findValue="CN=Example" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="UsernameAndPassword">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
推荐答案
只需转动安全上下文,也可能在绑定中进行协商配置:
Just turn security context and probably also negotiation in your binding configuration:
<bindings>
<wsHttpBinding>
<binding name="UsernameAndPassword">
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="false"
negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
这篇关于如何在WCF Web服务中关闭SecureConversationToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文