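WCF, Crawling Forward Step by Step (5)

Step 5:

WCF security mechanisms, continued.

Protecting an HTTP service at the transport level

1. In the ProductsServiceHost project, right-click app.config and choose "Edit WCF Configuration". Create a new binding configuration of type basicHttpBinding, named ProductsServiceBasicHttpBindingConfig, with Mode: Transport.

Set the BindingConfiguration of the endpoint BasicHttpBinding_IProductsService to ProductsServiceBasicHttpBindingConfig.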

        <basicHttpBinding>
          <binding name="ProductsServiceBasicHttpBindingConfig">
            <security mode="Transport" />
          </binding>
        </basicHttpBinding>

......

       <endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
            binding="basicHttpBinding" bindingConfiguration="ProductsServiceBasicHttpBindingConfig"
            name="BasicHttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />

2. Make the equivalent settings in app.config of the ProductsClient client project

        <binding name="ProductsClientBasicHttpBindingConfig">
          <security mode="Transport" />
        </binding>

......

          <endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
                binding="basicHttpBinding" bindingConfiguration="ProductsClientBasicHttpBindingConfig"
                contract="ProductsService.IProductsService" name="BasicHttpBinding_IProductsService" />

The next, more important part is to use an SSL certificate to set up a WCF HTTP endpoint

1. Open the Visual Studio Command Prompt (2010) as administrator and enter

makecert -sr LocalMachine -ss My -n CN=HTTPS-Server -sky exchange -sk HTTPS-Key

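2. Once the console prints Succeeded, enter mmc. In the console, choose File -> Add/Remove Snap-in, select Certificates under the available snap-ins -> Add -> Computer account -> Next, Finish. You can then see the certificate generated above, as shown in the figure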

 

3. Double-click HTTPS-Server, then Details -> Thumbprint. Copy its hexadecimal value.

 

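4. Bind the SSL certificate to the HTTP endpoint

netsh http add sslcert ipport=192.168.1.101:8000 certhash=a225882af2048f404a5bf235290f516fea7836f3 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

(Note: the IP address in ipport is the IP address of your own machine; 127.0.0.1 also works. The endpoint addresses of the service and the client must use this same IP address, and cannot be localhost. If you paste the thumbprint from the certificate dialog, remove the spaces and the invisible character that can precede the first digit, otherwise netsh rejects the certhash value.)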

5. Create a new class PermissiveCertificatePolicy

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net;

namespace ProductsClient
{
    // Accepts the server certificate when its subject matches the expected name.
    // Chain and name errors reported by the framework are not checked, so this
    // is only suitable for the test certificate created with makecert above.
    class PermissiveCertificatePolicy
    {
        string subjectName;
        static PermissiveCertificatePolicy currentPolicy;
        PermissiveCertificatePolicy(string subjectName)
        {
            this.subjectName = subjectName;
            // Registers the callback for every HTTPS request made by this process
            ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidate);
        }
        public static void Enact(string subjectName)
        {
            currentPolicy = new PermissiveCertificatePolicy(subjectName);
        }
        bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
        {
            // The error argument is ignored; only the subject string is compared
            if (cert.Subject == subjectName)
            {
                return true;
            }
            return false;
        }
    }
}

6. Client

static void Main(string[] args)
{
    Console.WriteLine("Press ENTER when the service has started");
    Console.ReadLine();
    // Create a proxy object and connect to the service
    PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");

......

}
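
A narrower alternative to the PermissiveCertificatePolicy class from step 5, as an added example that is not part of the original post: the subject-name check accepts any certificate that claims CN=HTTPS-Server, whoever issued it, and applies to every HTTPS request the process makes, whereas this version accepts the test certificate only by its thumbprint and only for the service host. The class name PinnedCertificatePolicy and its Enact(host, thumbprint) signature are assumptions; the host and thumbprint in the usage comment are the values used in step 4.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace ProductsClient
{
    // Added example; the class name and Enact signature are assumptions.
    // Usage: PinnedCertificatePolicy.Enact("192.168.1.101",
    //            "a225882af2048f404a5bf235290f516fea7836f3");
    static class PinnedCertificatePolicy
    {
        static string pinnedHost;        // host the exception applies to
        static string pinnedThumbprint;  // SHA-1 thumbprint copied in step 3

        // Keep hex digits only: drops spaces and any invisible character
        // picked up when the thumbprint is copied from the certificate dialog.
        public static string Normalize(string thumbprint)
        {
            return new string(thumbprint.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();
        }

        public static void Enact(string host, string thumbprint)
        {
            pinnedThumbprint = Normalize(thumbprint);
            if (pinnedThumbprint.Length != 40)
                throw new ArgumentException("Expected a 40-digit SHA-1 thumbprint.");
            pinnedHost = host;
            // Process-wide setting; assignment makes this the only callback.
            ServicePointManager.ServerCertificateValidationCallback = Validate;
        }

        static bool Validate(object sender, X509Certificate cert,
                             X509Chain chain, SslPolicyErrors errors)
        {
            // The sender is the WebRequest being made, or a host name string.
            var request = sender as WebRequest;
            string host = request != null ? request.RequestUri.Host : sender as string;

            // Every other host gets normal validation, with no exception.
            if (!string.Equals(host, pinnedHost, StringComparison.OrdinalIgnoreCase))
                return errors == SslPolicyErrors.None;

            // The exact test certificate is accepted despite chain/name errors.
            if (cert == null) return false;
            string actual = new X509Certificate2(cert).Thumbprint;
            return string.Equals(actual, pinnedThumbprint, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```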

 

Protecting an HTTP service at the message level (using WS2007HttpBinding)

 

1. Add a WS2007HttpBinding_IProductsService endpoint

     <endpoint address="http://localhost:8010/ProductsService/Service.svc"
           binding="ws2007HttpBinding"
           name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />

2. In the Visual Studio Command Prompt (2010), enter

netsh http add urlacl url=http://localhost:8010/ProductsService user=UserName

3. Configure the endpoint on the client

<endpoint address="http://localhost:8010/ProductsService/Service.svc"
           binding="ws2007HttpBinding"
           name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />

4. Client

static void Main(string[] args)
{
    ...
    using (ProductsServiceClient proxy = new ProductsServiceClient("WS2007HttpBinding_IProductsService"))
    {
        // Test the operations in the service
        ...
    }
}

 

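Authorizing Windows users within a Windows domain (using basicHttpBinding)

1. This example builds on the code from "Protecting an HTTP service at the transport level" above. Modify the ProductsServiceLibrary project and add references to the PresentationFramework, PresentationCore, System.Xaml and WindowsBase assemblies.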

    public class ProductsServiceImpl : IProductsService
    {
        static IList<tblProduct> ps = Builder<tblProduct>.CreateListOfSize(50).Build();
        static IList<tblProductInventory> pis = Builder<tblProductInventory>.CreateListOfSize(50).Build();

        public List<string> ListProducts()
        {
            string userName = Thread.CurrentPrincipal.Identity.Name;
            MessageBox.Show(string.Format("Username is {0}", userName),"ProductsService Authentication", MessageBoxButton.OK);

.......

     }

2. In the configuration file of the ProductsServiceHost project, set TransportClientCredentialType of ProductsServiceBasicHttpBindingConfig to basic (or windows). In the configuration file of the ProductsClient project, set TransportClientCredentialType of ProductsClientBasicHttpBindingConfig to basic (or windows).

        static void Main(string[] args)
        {
            Console.WriteLine("Press ENTER when the service has started");
            Console.ReadLine();
            // Create a proxy object and connect to the service
            PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");

            using (ProductsServiceClient proxy = new ProductsServiceClient("BasicHttpBinding_IProductsService"))
            {
                try
                {
                    proxy.ClientCredentials.UserName.UserName = "workgroup\\ls";
                    proxy.ClientCredentials.UserName.Password = "911";

                    ........

        }

Set UserName and Password to the values that apply on your own machine.

Result:
