WCF netTCPBinding


Problem description

WCF's netTCPBinding is "secured by default". As I understand it, this means that:

  • The caller is authenticated using their Windows credentials.
  • Messages are signed.
  • Messages are encrypted.

However, I can set up a very basic WCF client service on my localhost. The authentication will work as it's on the same machine, but how does the signing and encryption work?

WCF needs a certificate to sign and encrypt messages. If I don't have a certificate then how does my service manage to work? How does the message, even just going to the same machine, get signed and encrypted?

Thanks.

Recommended answer

By default the NetTcpBinding uses Transport security, with the default characteristics you list.

Signing and encryption of messages in this context does not mean the same thing as in Message security. Rather it means that all the packets of data sent over the network transport are signed and encrypted. This does not rely on certificates. It is done by security providers installed in the operating system on the sending and receiving machines, invoked via SSPI (Security Support Provider Interface) - the same mechanism involved, for example, when a domain credential is used to access some resource such as a file on a different machine on the network.

Before any application data is sent on a connection, the binding orchestrates an SSPI handshake between the sender and receiver, specifying the Negotiate security package (this chooses either NTLM or Kerberos as the actual security protocol, depending on the capabilities of the respective host machines). Security tokens are exchanged over the connection as part of this handshake, at the end of which the two sides' security providers will have agreed session keys for use in the signing and encryption of the ensuing application messages.
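
The behaviour described in the answer can be observed with a self-hosted service on localhost. The following is an added example, not code from the original question or answer; it assumes .NET Framework with a reference to System.ServiceModel, and the contract `IWhoAmI`, the service `WhoAmIService` and port 9000 are hypothetical names chosen for illustration. No certificate is configured anywhere, and the service reports the caller identity and the security package that the SSPI handshake produced.

```csharp
// Added example (not from the original post). Requires .NET Framework and a
// reference to System.ServiceModel. Contract, service and port are hypothetical.
using System;
using System.Net.Security;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI
{
    [OperationContract]
    string Describe();
}

public class WhoAmIService : IWhoAmI
{
    public string Describe()
    {
        // Identity established by the SSPI handshake on the transport,
        // not by a certificate.
        var id = ServiceSecurityContext.Current.WindowsIdentity;
        return id.Name + " authenticated via " + id.AuthenticationType;
    }
}

public static class Program
{
    public static void Main()
    {
        var address = new Uri("net.tcp://localhost:9000/whoami"); // assumed free port

        // Written out explicitly; a plain new NetTcpBinding() already has these values.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        using (var host = new ServiceHost(typeof(WhoAmIService)))
        {
            host.AddServiceEndpoint(typeof(IWhoAmI), binding, address);
            host.Open();

            var factory = new ChannelFactory<IWhoAmI>(binding, new EndpointAddress(address));
            IWhoAmI proxy = factory.CreateChannel();
            Console.WriteLine(proxy.Describe());
            factory.Close();
        }
    }
}
```

Setting `ProtectionLevel` to `ProtectionLevel.None` or `ProtectionLevel.Sign` on a copy of this binding is a quick way to audit what a service loses when the default is overridden; both ends must use the same binding settings for the channel to open.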
