WCF service and client without security measures

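  Microsoft's WCF has too many concepts and is not down to earth; it only leaves people confused. It feels like WCF makes simple things complicated. A packet capture of a simple WCF example showed that the messages are, surprisingly, encrypted,

as follows: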

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_2">http://tempuri.org/IUserInforContract/ShowUserNameAgeResponse
</a:Action>
<a:RelatesTo u:Id="_3">urn:uuid:bb40484b-870c-420d-af2a-1cde14f1b590
</a:RelatesTo>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-e9407cef-37d2-4fc0-97be-9c936b318db5-47">
<u:Created>2014-07-07T00:41:15.731Z
</u:Created>
<u:Expires>2014-07-07T00:46:15.731Z
</u:Expires>
</u:Timestamp>
<c:DerivedKeyToken u:Id="uuid-e9407cef-37d2-4fc0-97be-9c936b318db5-45" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
<o:SecurityTokenReference>
<o:Reference URI="urn:uuid:d696d727-edd0-4022-a0a2-7a1f62c76f62" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</o:SecurityTokenReference>
<c:Offset>0
</c:Offset>
<c:Length>24
</c:Length>
<c:Nonce>n6QXAmsFk8jz/LEgcFuCmw==
</c:Nonce>
</c:DerivedKeyToken>
<c:DerivedKeyToken u:Id="uuid-e9407cef-37d2-4fc0-97be-9c936b318db5-46" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
<o:SecurityTokenReference>
<o:Reference URI="urn:uuid:d696d727-edd0-4022-a0a2-7a1f62c76f62" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</o:SecurityTokenReference>
<c:Nonce>J3z5F8ulXZl7n/qdhz0DrQ==
</c:Nonce>
</c:DerivedKeyToken>
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:DataReference URI="#_1"/>
<e:DataReference URI="#_4"/>
</e:ReferenceList>
<e:EncryptedData Id="_4" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#uuid-e9407cef-37d2-4fc0-97be-9c936b318db5-46"/>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>q23lXrUNeHPGTdiV8Cmi1rfhmkmII+EuOi3C8pTMN/YooyA0R+OAiJncEYNsCrrkCDeXA2ZV//URe+hCMxiLDvSVwLqzPWHaaXwkBuRUeH7c1ARreBqrFlBRpEgdmiLeln/6GvtmOtlGaUNqygzOCK/1JKIHptrLyoWUnF5TgwwCRKqOG0mwT2DkAYOzTupCyrR3mJZahuHPARebOxjJKuJ0o/IcUAnI9dQoohuioV05dkxX/Yd1RcX3PMJWPAjGNEOph0aL1A/x2SwuviRzR1opJwYG4p+FQ4ZWaSC8iaLwYuS9ul4cgia0hfnY5yT/vgWVPAruGYUE/CFZzk7I67FowXRgNUYA9nzNa1qdtd1jaLqSKntTSfr+JbNcVT+kjFmvsWKGCeIu/uzXm02DbRAs6qJrc2rbM76ZnsKRCkoAsjMltsUGuRleGN/t6mck952/P9/Yq1zy15f1vkG9Wq8jfrBoumjHl279P3xAxRYAUSUJkCIYyQ8gbM/qwj++s+aCNg74mL3ItfSYJP8StIsS0NRgAoSOxoaiRz+Qq+46RDboOpM8JjronpdYEJjUFDp3SzpbYCDPFNtHLXAJfTr06fCpsOX8h+EOVO4E5PYMJWH3Ps/OO8JaNhTyRVnK3kA1/3v/LGkhxLTYxENzVC6uhW6t/kzCWh8nkIW7WADQ2/X2aeH3RIt2Kenp+kRcYYLFYahGZm7WJ+dy95yaGWdhyXW/uB3BZLv7PPMKoX373HdeLqtm0q2cb4xfhIchrusqN3r10KA/FvpeIN0H4ycFCzsQoIg+AvVhRZL07vNhmq4W9fkEj56ricBXuJSMaiNslifGSuWxXt1uf0aHAzBPj709kWXRupjxqYRyMIZS6un8Z0KdT/5LKEUg88r6rjMhWc4QFADOm2w066+OM1Jtui6b/dqODPBwGaZnipJBloE+HES7Z3FplEociBjvTkFLBK6EH107WINQl6Bo/8UtHcaVZ1mk7IDiK9XcpXploQN0C5jasEmCO2DQ+KulK+urXk+CQCJHZpC07YrW0DdNKncr0Kaze3oigfkTsFLgUx3YkqHw1zhAdrNf50LY9s4wX1YDQh8QpdiC6R3Tk8OH4dnDuqhe5OwclnOwMNf9GXzt4adk/U/JQg3uPDU6GzSptSOYApS5A4Ji6uxhkkB459LidyUZBKijpxvbRow4cYDRXiE8h4OLAuJs5ThOSYrV52eNKvwvrhTyVF4OJdo3jW7uKsu5JmzT1xz5so1IiYM0LWdLYCsskmL0D2m4rmprRobNiL9lpczKkytB6gOeMIsNwDYe7GlWxmOaQ5lObEqBNpHSn5R/aXZBCgIxtJU6kwLe3PU0PmBI92LYF0Odu7IoBHFLt4Ba1MgOQK/efNWxO8ydQQhHc9O9aETaEggIK+NXu1vW2mQ3K7+8fxXKll66sx8wjr1y6Zc5+VtdO1x7IMoykO1Ds7LV6wZBb6Ij6cNPlwNsFEr8Gs7iTX5rIlggVVLs1lMuv3tw4MQA7BNdVZB80erqPVfM2QYstdKSCojKOsWgteQgjNEV1M/X2sCKF3HzIYxqrWDRZngSCXmFA/EJ6IcC+rL0v90gHMczT2MzAB1qk5HjlnA1Y0sEMkp5TOVo5e3tOoY/zBNwpgHAZ6FwNk/jE+bmF/0MJvtprc2gI8/3Oji3hDp9NoAfPfMMFoMauItLDgYBOQrQzn3dKnsnr++WfX3C1ziaM5kPaZdkZkFUofG7xglzSheeyqLCVf+hwRtYhFPohIWN7fMkGyjiQwOt6H0ImKYKkcYbR1ql1/0amCoZ/kla8v90zdKdDp1LJHKYBZRnkjB349PQnI9fULZkS1d1QSRTy25Jbh3RovR0FIwWjeo3Pd95M6nKsOO9hIaENFAp3tJB2esg9kbbyKpXYNz7jrBYO/y2orfMgE7CsY6CW6x1Nyr3Di4yV2vS0Eqtdv8ILrI8aYbwWzfBCvNIbMk8S+wgD
LbTyZ/3+B3YQ5rUhsDYYX112cVwyJnCBVBot/7FkJnkAh30WDjEyfmDqQDzP4HmbWD7O3DoyG6LwzBVP0QYNohASplbiKfkDjAzBd7nSwNViiUsOKRMG/nKhM16tN64IjVky40TgtTP4Kp64TG3aL4n2yxXMCT/MBWvlVcuRF9+0tgcdIPVhsiMT6By5hIb
</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</o:Security>
</s:Header>
<s:Body u:Id="_0">
<e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#uuid-e9407cef-37d2-4fc0-97be-9c936b318db5-46"/>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>s1YIqAxwxWl5o8z0O5z0neVtzsVZJ0mGel7/zHKmTBKnACKApI+ButCJAed354ATj5MhbxPnwJHfoPyI5Oi2s3QGQsKVwfo0STdMZqM1+llT/7jz/1fFwWBRoT+rOcUmOX3JxNSZhewOEBup98uUL4JvZFdzLdZyItDuXY2V7LDIDHiTRyGGU0eBsD7ldWJaxDlG284302hXKjl09rj96Ob0v1QiXLmX+EXAJ1KTtLTf1/ks0UfqSHQjQcGznQ0L
</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
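
To tell from a capture whether message security is in effect, check for the WS-Security header and the xmlenc EncryptedData elements seen in the envelope above. The Python below is an added example, not code from the original post; both sample envelopes are constructed, and the ShowUserNameAgeResponse body element in the plaintext sample is an assumption based on the Action URI in the capture.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "e": "http://www.w3.org/2001/04/xmlenc#",
}

def _algorithms(parent):
    """Algorithm URIs of every xmlenc EncryptedData element below parent."""
    if parent is None:
        return []
    return [m.get("Algorithm")
            for m in parent.iterfind(".//e:EncryptedData/e:EncryptionMethod", NS)]

def describe_protection(envelope_xml):
    """Summarise WS-Security message protection in one SOAP 1.2 envelope."""
    root = ET.fromstring(envelope_xml)
    body = root.find("s:Body", NS)
    if body is None:
        raise ValueError("not a SOAP 1.2 envelope")
    security = root.find("s:Header/o:Security", NS)
    body_algs = _algorithms(body)
    return {
        "security_header": security is not None,
        "header_algorithms": _algorithms(security),
        "body_encrypted": bool(body_algs),
        "body_algorithms": body_algs,
        # With encryption off, the operation element is readable on the wire.
        "plaintext_body_elements": [] if body_algs else [c.tag for c in body],
    }

# Constructed sample: shortened form of a message-security response.
PROTECTED = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<s:Header><o:Security/></s:Header>
<s:Body><e:EncryptedData>
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<e:CipherData><e:CipherValue>CONSTRUCTED-PLACEHOLDER</e:CipherValue></e:CipherData>
</e:EncryptedData></s:Body></s:Envelope>"""

# Constructed sample: the same response as sent with security mode None.
PLAIN = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Header/>
<s:Body><ShowUserNameAgeResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(describe_protection(PROTECTED))
    print(describe_protection(PLAIN))
```
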

If you do not want the service and client to use encryption, the configuration files on both sides need to be set:

Server side:

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
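        <binding name="MyWsHttpBinding">
          <!-- mode="None": neither transport nor message security is applied; the two child elements are then not used -->
          <security mode="None">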
            <transport clientCredentialType="None"/>
            <message clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="WcfDemo.Service.UserInforContractService">
        <endpoint binding="wsHttpBinding" contract="WcfDemo.Service.Interface.IUserInforContract"
                  bindingConfiguration="MyWsHttpBinding">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

      </service>
    </services>
  </system.serviceModel>
</configuration>

Client side:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IUserInforContract" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
            bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
            allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
              enabled="false" />
          <!-- Must match the server binding: mode="None" sends the SOAP messages unencrypted -->
          <security mode="None">
            <transport clientCredentialType="None" />
            <message clientCredentialType="None"  />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:12333/WcfServices/WcfUserService.svc"
          binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IUserInforContract"
          contract="WcfRefer.IUserInforContract" name="WSHttpBinding_IUserInforContract">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

The key point is the security mode setting.

WCF provides 5 different security modes to achieve the three security goals mentioned above.

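  • None: No security measures are applied; suitable only for use in a secure internal environment.
  • Transport: Encrypts all communication on the channel at the transport-protocol level; the usable protocols include HTTPS, TCP, IPC and MSMQ. Advantages: widely used, supported on many platforms, simple to implement and very efficient, suitable for high-throughput services. Disadvantage: it only provides point-to-point message security, and message content may leak when an intermediary (proxy) is part of the connection; best suited to intranets or directly connected environments.
  • Message: Encrypts the message itself using the relevant standards (such as WS-Security). Advantages: provides end-to-end secure transmission with no intermediary risk, and extends well. Because it uses industry security standards it integrates more readily and suits Internet services. Disadvantage: somewhat less efficient than Transport.
  • Mixed (TransportWithMessageCredential): Combines the two approaches above. Transport provides message integrity, message confidentiality and server authentication, while Message provides client authentication.
  • Both: Uses Transport and Message together for the whole security process; rather heavy, with poor performance, and only NetMsmqBinding supports this security mode.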

By default, Message mode uses Basic256 encryption.
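
Because a binding with security mode None sends everything in clear text, it is worth checking which endpoints in a configuration file end up with that mode, whether set explicitly as above or inherited from the binding type's default. The Python below is an added example, not code from the original post; it covers only three binding types, the sample configuration is constructed, and the contracts IHypotheticalLegacy and IHypotheticalSecure are hypothetical.

```python
import xml.etree.ElementTree as ET

# Security mode WCF applies when a binding carries no explicit mode.
DEFAULT_MODE = {"basicHttpBinding": "None", "wsHttpBinding": "Message",
                "netTcpBinding": "Transport"}

def audit_wcf_config(config_xml):
    """Return one finding per endpoint whose effective security mode is None."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    if model is None:
        return []
    explicit_modes = {}  # (binding type, configuration name) -> mode or None
    for group in model.findall("bindings/*"):
        for binding in group.findall("binding"):
            sec = binding.find("security")
            mode = sec.get("mode") if sec is not None else None
            explicit_modes[(group.tag, binding.get("name", ""))] = mode
    findings = []
    for ep in model.iter("endpoint"):
        btype = ep.get("binding")
        if btype not in DEFAULT_MODE:
            continue  # e.g. mexHttpBinding, not covered by this example
        explicit = explicit_modes.get((btype, ep.get("bindingConfiguration", "")))
        if (explicit or DEFAULT_MODE[btype]) == "None":
            findings.append({"contract": ep.get("contract"), "binding": btype,
                             "explicit": explicit is not None})
    return findings

# Constructed sample: the page's server binding plus two hypothetical endpoints.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding>
    <binding name="MyWsHttpBinding"><security mode="None"/></binding>
  </wsHttpBinding></bindings>
  <services><service name="WcfDemo.Service.UserInforContractService">
    <endpoint binding="wsHttpBinding" bindingConfiguration="MyWsHttpBinding"
              contract="WcfDemo.Service.Interface.IUserInforContract"/>
    <endpoint address="legacy" binding="basicHttpBinding" contract="IHypotheticalLegacy"/>
    <endpoint address="secure" binding="wsHttpBinding" contract="IHypotheticalSecure"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
  </service></services>
</system.serviceModel></configuration>"""

if __name__ == "__main__":
    for finding in audit_wcf_config(SAMPLE_CONFIG):
        print(finding)
```

A finding with explicit set to True is a deliberate downgrade like the one on this page; False means the binding type itself defaults to no security.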


I hope those who come later see this and avoid the detours...
