如何在Soap头WCF中发送敏感信息 [英] How to send sensitive information in Soap header WCF

问题描述

我使用wsHTTPBinding使用默认消息安全性的WCF服务。我通过将其添加到肥皂标题来发送来自客户的令牌



使用（ChannelFactory< mychannel> factory = new ChannelFactory< mychannel>（new WSHttpBinding（）））

{

使用（MyChannelproxy = factory.CreateChannel（new EndpointAddress（@address）））

{

使用（OperationContextScope scope = new OperationContextScope（proxy））

{

Guid myToken = Guid.NewGuid（）;



MessageHeader name = MessageHeader.CreateHeader（Name，ns，myToken）;

MessageHeader id = MessageHeader.CreateHeader（Id，http：// Vid， Id）;

OperationContext.Current.OutgoingMessageHeaders.Add（name）;

OperationContext.Current.OutgoingMessageHeaders.Ad d（id）;





1.当我看到使用fiddler发出请求时，它是纯文本，我需要吗？使用Transport Security进行soap header加密？有没有其他内置的方法可以在不使用SSL的情况下包含传递到soap标头中的信息



2.这是在soap标头中添加敏感信息的正确方法吗？ br />


请传递一些您知道的适合情况的示例或链接，提前致谢

I have a WCF Service with wsHTTPBinding using default message security. I am sending a token from client by adding it to soap header

using (ChannelFactory<mychannel> factory = new ChannelFactory<mychannel>(new WSHttpBinding()))
{
using (MyChannelproxy = factory.CreateChannel(new EndpointAddress(@"address")))
{
using (OperationContextScope scope = new OperationContextScope(proxy))
{
Guid myToken = Guid.NewGuid();

MessageHeader name = MessageHeader.CreateHeader("Name", "ns", myToken);
MessageHeader id = MessageHeader.CreateHeader("Id", "http://Vid", "Id");
OperationContext.Current.OutgoingMessageHeaders.Add(name);
OperationContext.Current.OutgoingMessageHeaders.Add(id);


1. When I saw the request going out using fiddler, its going as plain text, should I need to use Transport Security for soap header encryption ? Is there any other built in way to encrpt the information passing in soap header without using SSL

2. Is this the right way to add sensitive information in soap header ?

Please pass on some example or links you know that suits the situation, Thanks in advance

推荐答案

使用带证书的消息级安全性。



http://shaunrostami.blogspot.com/2012/02/there-are-situation-where-you-cant-use.html [ ^ ]

Using Message Level Security with Certificates.

http://shaunrostami.blogspot.com/2012/02/there-are-situation-where-you-cant-use.html[^]

这篇关于如何在Soap头WCF中发送敏感信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！