如何安全地在 PHP 和 WCF 之间通信 [英] How to communicate between PHP and WCF securely

问题描述

我的系统基于.net.他们的系统基于PHP.我们希望交换信息以进行查找并将数据添加到相应的数据库中.这必须安全地完成，两个系统将是这个游戏中唯一的玩家.

My system is based on .net. Their system is based on PHP. We want to exchange information for lookups and to add data to the respective databases. This has to be done securely and the two systems will be the only players in this game.

我一直在做一些研究，但与安全相关的事情总是让我望而却步.我不得不承认，我在完全理解配置文件(WCF Web 服务站点中的 web.config)中的所有内容时遇到了一些麻烦.

I've been doing some research but things related to security always throws me off. I have to admit that I'm having some trouble fully understanding what everything is in the config file (web.config in the WCF web service site).

我从哪里开始确保他们安全地传输数据?假设我弄清楚了绑定内容，他们会发送我必须从他们的消息中提取的用户名和密码吗?客户端将连接到 https 地址.

Where do I start in ensuring that they transmit the data securely? Assuming I figure out the binding stuff, would they be sending a username and password that I will have to extract from their message? The client would be connecting to a https address.

推荐答案

回答这个问题的方法真的有很多...

There are really a lot of ways to answer this...

我认为他们的 PHP 应用程序将使用 SOAP 与您的 WCF 服务器通信?

I assume their PHP app will be communicating to your WCF server with SOAP?

因此，WCF 有 2 种保护事物的方法，在传输级别或在消息级别.基本上，如果您打开传输级别的安全性，那么它会加密整个连接.这意味着它将使用 HTTPS.这反过来意味着整个对话都是加密的，就像您以网络表单将信用卡信息发送到网站一样.它同样安全.替代方案是消息级别的安全性.这意味着，不是加密整个连接，而是通过未加密的普通 HTTP 进行通信，但实际消息本身将在通过网络传输之前进行加密.

So, WCF has 2 ways of securing things, at the Transport level or at the Message level. Basically if you turn on Transport level security, then it encrypts the entire connection. This means it would use HTTPS. This would in turn mean that the entire conversation is encrypted, just like if you were sending your credit card info to a web site in a web form. Its equally as secure. The alternative is Message level security. This means that instead of encrypting the entire connection, the communication will happen over plain unencrypted HTTP, but the actual message itself will be encrypted before being transmitted over the wire.

如果您的服务托管在 IIS 中，那么最简单的方法就是使用 BasicHttpBinding 并打开传输安全性.然后在 IIS 中，让它使用 SSL 证书和 HTTPS.

If your service is hosted in IIS, then the easiest thing to do is just use the BasicHttpBinding and turn on Transport security. Then in IIS, have it use an SSL certificate and HTTPS.

那将处理消息加密.除此之外，如果您需要将登录"作为用户名和密码来处理，WCF 有一种内置的方式来处理它.这可能会有所帮助:http://nirajrules.wordpress.com/2009/05/22/username-over-https-custombinding-with-wcf%E2%80%99s-channelfactory-interface/

That would handle the message encryption. Past that, if you need to handle a 'login' as a username and password, WCF has a built in way to handle that. This might help: http://nirajrules.wordpress.com/2009/05/22/username-over-https-custombinding-with-wcf%E2%80%99s-channelfactory-interface/

这篇关于如何安全地在 PHP 和 WCF 之间通信的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！