WCF BasicHttpBinding SSL消息加密 [英] WCF BasicHttpBinding SSL Message Encryption
问题描述
我在提供SSL的IIS服务器中托管了WCF服务
I have WCF Service hosted in IIS Server with SSL provided
此WCF服务用于我用于我的Xamarin.Forms的PCL(可移植类库)中( Android,IOS,Windows Phone)
This WCF service is used inside a PCL ( Portable Class Library ) that i used for my Xamarin.Forms ( Android,IOS,Windows Phone)
现在我从应用程序连接到我的服务..连接看起来像这样..
Now i connect to my service from the application .. the connection looks like this..
http s :// mysite.mywebservice.com:1111 / someservice.svc
https://mysite.mywebservice.com:1111/someservice.svc
并且运作良好。我可以很好地连接和请求来自服务的数据..
and is working very well. I can connect and request data from the service just fine..
最近我想确保数据传输之间的连接是安全的,但令我惊讶的是
Recently i wanted to make sure that the connection between transportation of data are secure but for my surprise was NOT
我已在我的Android上安装了一个名为NET CAPTURE的应用程序,它允许您监控网络数据的流量。
I have installed on my android an application called NET CAPTURE which allows you to monitor the traffic of your network data..
当我向我的服务请求时,例如客户。 ..然后转到NET CAPTURE看看显示的内容..我可以看到XML格式的所有属性和收入数据的名称..
When i request from my service e.g customers... and then go to NET CAPTURE to see what is shows.. i can see in XML format all the properties and the names of income data..
我认为通过提供SSL到wcf服务 在IIS中 这些信息将被加密,我不需要对wcf进行任何其他配置。
I thought that by providing an SSL to the wcf service in IIS these information would be encrypted and i wouldn't need to do any other configuration to the wcf.
我做错了什么?如何保护我的数据?
What i do wrong ? How can i protect my data?
stelios ----------
stelios ----------
推荐答案
您好stelios84,
BasicHttpBinding绑定不支持消息安全性,但服务器和客户端都使用证书来保护传输消息的安全性。
仅使用证书确保传输层的安全性,如果您不想公开消息,可以使用消息安全性,也需要客户端提供证书。
实际上,BasicHttpBinding的目的是兼容旧的Web服务。从某种意义上说,消息的安全性就会丢失。这是Wshttpbinding中传输的消息。
https://docs.microsoft.com/en- us / dotnet / framework / wcf / feature-details / message-security-in-wcf
最好的问候
亚伯拉罕
Hi stelios84,
Message security is not supported in BasicHttpBinding binding, except that both the server and client use the certificate to protect the security of the transmitted message.
Use the certificates only ensure that transport layer security, if you don’t want to expose the message, you could use the message security which also need client to provide certificate.
In fact, BasicHttpBinding aims to compatible with the old web service. in a sense, the security of the message is lost. Here is the transmitted message in Wshttpbinding.
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/message-security-in-wcf
Best Regards
Abraham
这篇关于WCF BasicHttpBinding SSL消息加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
