使用证书安全性时WCF服务响应延迟45秒 [英] WCF Service response 45 second delays when using certificate security
问题描述
我有一个使用tcp绑定的简单WCF服务,在添加证书安全性之前,它一直工作良好.这样做之后,我开始看到大约45秒钟的延迟,该服务才接收到该消息并对其进行处理.使用WireShark,似乎正在进行某种形式的安全协商,然后该服务停止响应约45秒钟,最后它响应客户端,并传递数据.我删除了安全性,并且它再次几乎实时运行.有没有人有类似这样的经历?
服务配置如下:
I have a simple WCF service using a tcp binding that was working great until I added certificate security. Once I did that I began to see about a 45 second delay before the service received the message and processed it. Using WireShark it appears that there is security negotiation of some sort going on and then the service stops responding for about 45 seconds and finally it responds to the client and the data comes across. I removed the security and once again it works in near real time. Does anyone have any experience with something like this?
Here''s the service config:
<services>
<service behaviorConfiguration="MEXGET" name="AtcSystemService.AtcSystemService">
<endpoint binding="netTcpBinding" bindingConfiguration="TcpBindingConfig" name="tcpEndpoint" contract="AtcSystemService.IAtcSystemService"/>
<endpoint kind="udpDiscoveryEndpoint"/>
<endpoint address="net.tcp://CONW-W7-PHILLP:58009" binding="netTcpBinding" bindingConfiguration="TcpLargeFileBinding" name="tcpLargeFileEndpoint" contract="AtcSystemService.IAtcStreamService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://CONW-W7-PHILLP:58008"/>
<add baseAddress="http://CONW-W7-PHILLP:8888"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="TcpBindingConfig">
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
<binding name="TcpLargeFileBinding" maxReceivedMessageSize="1048576" transferMode="Streamed">
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MEXGET">
<serviceDiscovery/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<serviceCertificate findValue="CN=AtcCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
这是客户端代码.
And here is the client side code.
mBinding = new NetTcpBinding();
mBinding.Security.Mode = SecurityMode.Message;
mBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
mIdentity = new DnsEndpointIdentity("AtcCert");
IAtcSystemService GetServiceProxy()
{
var myAddress = new EndpointAddress(mServiceAddress.Uri, mIdentity,
mServiceAddress.Headers,
mServiceAddress.GetReaderAtMetadata(),
mServiceAddress.GetReaderAtExtensions());
var factory = new ChannelFactory<IAtcSystemService>(mBinding, myAddress);
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,
StoreName.My, X509FindType.FindBySubjectDistinguishedName,
"CN=AtcCert");
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode
= X509CertificateValidationMode.ChainTrust;
return factory.CreateChannel();
}
推荐答案
由于SSL在服务器之间需要一系列握手,因此可能需要一段时间才能到达实际的方法调用.一个问题可能是开销加密.这仅是第一次调用.但是,一旦他们彼此确认,访问该方法就不会有明显的延迟. http与https [
Since SSL need a series of handshakes between the servers, it might take a while to reach to the actual method call. One issue could be an overhead encryption. This is only for the first time call. However once they acknowledge each other, it will not have significant delay to access the method. Perhaps this article explains about the issue clearly.Web Services Over SSL - Is It Really That Slow Like They Say?[^]. Here is another good point on performance between http vs https[^].
这篇关于使用证书安全性时WCF服务响应延迟45秒的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
