从 .Net 2.0 客户端调用 WCF 服务时如何配置安全性 [英] How to configure security when calling WCF Service from .Net 2.0 Client
问题描述
我启动并运行了一个 WCF 服务,并且能够使用 basicHttpBinding 在该服务和 .Net 2.0 客户端之间进行通信.
I have a WCF service up and running and am able to communicate between the service and a .Net 2.0 Client using basicHttpBinding.
我现在需要锁定 WCF 服务,使其只能由经过身份验证的客户端调用.
I now need to lock down the WCF service so that it can only be called by authenticated clients.
我可以控制将调用我的服务的客户端.客户端是将安装在野外并打电话回家"以推送和拉取数据的产品的一部分.客户端应用程序是为 .Net 2.0 框架编写的,目前无法升级到 3.0 或 3.5.我无法将 Windows 用户帐户添加到客户端计算机.
I have control over the clients that will be calling my service. The clients are part of a product that will be installed in the wild and "phoning home" to push and pull data. The client app is written for .Net 2.0 framework and cannot be upgraded to 3.0 or 3.5 at this time. I cannot add windows user accounts to the client machines.
我有哪些选择来保护 WCF 服务并能够从我的 .Net 2.0 客户端进行身份验证?此外,数据需要通过 https 传递.
What are my options for securing the WCF Service and being able to authenticate from my .Net 2.0 clients? Also, data needs to be passed over https.
我一直在网上搜索,感觉就像是在疯狂追逐.
I've been searching the web, and feel like I'm on a wild goose chase.
推荐答案
您可以将 WCF 端点配置为使用2 路 SSL 身份验证.这意味着您可以要求客户在向服务提出请求时出示 X.509 证书以确认其身份.
在服务器端,您可以使用 WCF 中的内置验证方案之一或提供您自己的验证逻辑来检查 X.509 证书.
如果您在 IIS 中托管您的服务,那么配置 SSL 以要求传输级别的客户端证书将是微不足道的.但是,您可以在此处找到有关如何在自托管 WCF 服务中实现此行为的良好指南:
You can configure a WCF endpoint to use 2-way SSL authentication. That means that you can require clients to present an X.509 certificate that confirms their identity whenever they make a request to the service.
On the server side of things, you can use one of the built-in validation schemes in WCF or provide your own validation logic to check the X.509 certificate.
If you were hosting your service in IIS, it would be trivial to configure SSL to require client certificates at the transport-level. However, you can find a good guide on how to implement this behaviour in a self-hosted WCF service here:
http://leastprivilege.com/2007/08/25/certificate-based-authentication-and-wcf-message-security/
我自己没有尝试过,但是,由于这在消息级别创建了安全要求,我认为您必须使用 wsHttpBinding 来强制执行它您的 WSDL 合同,因为对访问 Web 服务施加安全要求是 WS-* 标准的一部分.
I haven't tried this myself but, since this creates a security requirement at the message-level, I think you will have to use wsHttpBinding to enforce it in your WSDL contract, since imposing security requirements to access a web service is part of the WS-* standards.
如果你必须使用basicHttpBinding,你可以试试这个解决方案,在传输级别上移动:
If you have to use basicHttpBinding, you can try this solution instead that moves things up at the transport-level:
http://leastprivilege.com/2007/08/26/certificate-based-authentication-and-wcf-mode-independent/
希望能帮到你
这篇关于从 .Net 2.0 客户端调用 WCF 服务时如何配置安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
