WCF - How do I encrypt messages?


Problem description

My WCF service involves the sending of a dataset (in csv format) data between client and service. This dataset must be encrypted so that the data cannot be intercepted. I'm using wshttpbinding and trying to encrypt the message by using the following settings in web.config:

<wsHttpBinding>
  <binding name="wsHttp">
    <reliableSession enabled="true" /> 
    <security mode="Message">
      <message clientCredentialType="UserName" algorithmSuite="TripleDes" />
    </security>
  </binding>
</wsHttpBinding>

When I try and generate a client proxy I get a long error messagebox (which cannot be completely read because it goes off the bottom of the screen!). The error message does mention something about a "service certificate not being provided".

How do I encrypt a message? Do I need a certificate? I should mention that this service will be used over the internet from different domains so I'm not sure whether using "Username" security is the best option (?)

Basically I'm confused!

Recommended answer

Yes, your service needs a certificate so that your encryption keys can be exchanged securely. You can create a test service authentication certificate with makecert.exe. See this entry in my blog for the details of that.

You also need to ensure that the account your service is running as is able to read the certificate's private key file. If you're on Windows Vista (or later) the Certificates MMC snap-in allows you to control permissions on that private-key, but for earlier versions of Windows it's a bit harder. I used to use a utility that came with WSE3, but someone else might be able to suggest a more direct way. Unless your service runs as an admin, you will most likely have to adjust these permissions.

Update: like all good things, my blog came to an end. Thanks to makerofthings7 for reminding me. The makecert command you need to generate a service authentication certificate is something like this...

makecert -sr LocalMachine -ss My -pe -n CN=subject-name -eku 1.3.6.1.5.5.7.3.1 -sky exchange

...simply replace subject-name with any certificate name that makes sense for your service.
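
The following service-side configuration is an added example, not part of the original question or answer: it shows how the certificate created by the makecert command above (store LocalMachine/My, subject CN=subject-name) can be attached to the wsHttp binding from the question through a service behavior. The behavior name, service name and contract name are hypothetical placeholders.

```xml
<!-- Added example. secureBehavior, MyNamespace.MyService and
     MyNamespace.IMyService are hypothetical names. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttp">
        <reliableSession enabled="true" />
        <security mode="Message">
          <!-- algorithmSuite is left out here, so WCF's default suite
               (Basic256) applies instead of the TripleDes setting
               used in the question. -->
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secureBehavior">
        <serviceCredentials>
          <!-- Points at the certificate created with
               makecert -sr LocalMachine -ss My -n CN=subject-name.
               The account running the service must be able to read
               its private key. -->
          <serviceCertificate findValue="subject-name"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="MyNamespace.MyService"
             behaviorConfiguration="secureBehavior">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsHttp"
                contract="MyNamespace.IMyService" />
    </service>
  </services>
</system.serviceModel>
```

FindBySubjectName matches on a substring of the subject, so if several certificates in the store could match, selecting by thumbprint with x509FindType="FindByThumbprint" is more precise.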
