WCF Security: Difference between TransportWithMessageCredential and Message Security Mode

Problem description

I would like to know the difference between TransportWithMessageCredential vs. Message in terms of WCF security.

What I know is:

Transport security: Is used to provide point-to-point security between the two endpoints.

Message security: It provides end-to-end security. Because message security directly encrypts and signs the message, having intermediaries does not break the security.

If we use TransportWithMessageCredential mode, is the SOAP message (Header and Body) encrypted?

My concern is that I want to have the application data to be encrypted between WCF server and my WinForms client.

Recommended answer

If we use TransportWithMessageCredentials mode, is the SOAP message (Header and Body) encrypted?

Yes, since with TransportWithMessageCredential security mode it is transport security which is providing confidentiality and integrity protection for the messages that are transmitted over the wire. Transport security also provides service authentication in this case. For example, with HTTP, Secure Sockets Layer (SSL) is used for encrypting and signing the contents of the packets sent over Secure HTTP (HTTPS).

With TransportWithMessageCredential security mode, client authentication is provided by means of SOAP message security where the client credential is put directly in the message.

When the SOAP message leaves the client for the service it is encrypted. However, as with transport security it provides point-to-point (not end-to-end) security between the two endpoints (service and client). So if there are intermediary systems between the client and the service, each intermediate point must forward the message over a new secure connection.

Update per comments

You said "When the SOAP message leaves the client for the service it is encrypted". Then it should be end-to-end security. Why is it only point-to-point?

Transport security is point-to-point because a message is encrypted when it leaves one endpoint and remains so until it reaches the other endpoint of the secure transport where the message is then decrypted. In deployments where the client and server are talking directly to each other, then this provides encryption the whole way through. However, if your service endpoint is going to forward that message onto the intended recipient, then your message is no longer guaranteed to be encrypted from that point onward.

Message security directly encrypts and signs the message so that only the intended recipient can decrypt and read the actual contents of the message. Therefore security is guaranteed between sender and recipient and not just between endpoints. Therefore, message security provides end-to-end security.

Can I conclude that TransportWithMessageCredential provides point-to-point security and message-level security provides end-to-end security? Then why is the WCF Security Guide suggesting to use TransportWithMessageCredential with UserName when we are using WCF with a Windows Forms client on the Internet?

Yes, that is correct. TransportWithMessageCredential security provides point-to-point and Message security provides end-to-end security. The WCF Security Guide is suggesting to set the client credential to UserName because this will be used to authenticate the client. In the UserName case, we have the username and password pair being put directly in the SOAP message. Unless the client provides some sort of credential such as a UserName or Certificate to authenticate themselves to the service, you will have an anonymous client. An anonymous client means that anyone can access your service since the client is not being authenticated.

If the message body is not encrypted with TransportWithMessageCredential, then why does Microsoft say TransportWithMessageCredential is a combination of both Transport and Message security?

As with my original answer: The SOAP messages are encrypted and signed by the transport layer (e.g. HTTPS). TransportWithMessageCredential is a combination of both transport and message security since transport security encrypts and signs the messages as well as authenticates the service to the client and message security is used to authenticate the client to the service.
