仅带有服务证书的WCF消息安全性 [英] WCF Message Security with Service Certificate only

问题描述

我对WCF还是很陌生，想知道是否可以进行Message Security，在这里我仅将x.509证书用于服务，而对于客户端安全则使用Windows凭据，是否可以接受，这行得通?尝试搜索网络，但是 没有关于这种方法的讨论，或者我在Google搜索中使用了错误的措词，我们将不胜感激，谢谢大家.

基本上，我会把它放在绑定中:

I'm fairly new to WCF, and wanted to know if it is possible to do Message Security, where I use a x.509 certificate for the service only, and for client security do windows credentials, is this acceptable, does it work? Tried searching the web, but either no discuss on this approach exists, or I have put the wrong wording in my google search, any help is much appreciated, thank you all.

basically, I'd have this in my binding:

<wsHttpBinding>
  <binding name="msgBinding">
    <security mode="Message">
      <message clientCredentialType="Windows" />
    </security>
  </binding>
</wsHttpBinding>

和我的行为:

and on my behavior:

<behavior name="wsHttpCertificateBehavior">
  ...
  <serviceCredentials>
    <serviceCertificate findValue="MyCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" />
  </serviceCredentials>
</behavior>

推荐答案

你好

为什么要使用此设置?默认的WSHttpBinding的消息安全性使用Windows客户端凭据和协商.因此，如果客户端和服务器都在同一域或受信任域中，则可以使用安全消息传递而无需指定服务证书 (不是必需的).

why do you want to use this setting? Default WSHttpBinding's message security uses windows client credentials and negotiation. So if both client and server are in same domain or trusted domains you can use secure messaging without specifying service certificate (it is not required).

最诚挚的问候，
拉迪斯拉夫

Best regards,
Ladislav

这篇关于仅带有服务证书的WCF消息安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！