The previous article, "WCF basicHttpBinding: Message Security Mode", showed how to use Message Security Mode with basicHttpBinding, with clientCredentialType set to certificate.
This article demonstrates basicHttpBinding with Transport Security Mode and clientCredentialType="None".
(1) WCF service code and configuration file
IDemoService.cs
    using System.ServiceModel;

    namespace WCFDemo
    {
        [ServiceContract(Name = "IDemoService")]
        public interface IDemoService
        {
            // The typed fault contract lets clients catch FaultException<DivideByZeroFault>.
            [OperationContract]
            [FaultContract(typeof(DivideByZeroFault))]
            int Divide(int numerator, int denominator);
        }
    }
DemoService.cs
    using System;
    using System.ServiceModel;
    using System.ServiceModel.Activation;

    namespace WCFDemo
    {
        [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
        public class DemoService : IDemoService
        {
            public int Divide(int numerator, int denominator)
            {
                try
                {
                    return numerator / denominator;
                }
                catch (DivideByZeroException ex)
                {
                    // Return a strongly typed SOAP fault instead of leaking the raw exception.
                    DivideByZeroFault fault = new DivideByZeroFault();
                    fault.Error = ex.Message;
                    fault.Detail = "Denominator cannot be ZERO!";
                    throw new FaultException<DivideByZeroFault>(fault);
                }
            }
        }
    }

The complete code can also be found in "Creating a WCF Service and Throwing Strongly Typed SOAP Faults".
server web.config
    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
      </system.web>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="basicBinding">
              <!-- Transport mode: the channel is protected by HTTPS.
                   clientCredentialType="None": the client is not authenticated. -->
              <security mode="Transport">
                <transport clientCredentialType="None" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior">
            <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="CustomBehavior">
              <serviceMetadata httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    </configuration>
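As a review aid for the configuration above, the following added example (not code from the original article or from WCF itself) reads a WCF configuration, resolves each basicHttpBinding endpoint's security mode and transport clientCredentialType using WCF's defaults for omitted elements, and reports what protection the endpoint gets. The "legacyBinding" binding and the "Legacy" endpoint are hypothetical, constructed to show what a missing <security> element means.

```python
import xml.etree.ElementTree as ET

# WCF defaults when elements are omitted: security mode None, transport clientCredentialType None.
DEFAULT = ("None", "None")
# Constructed sample: server settings from the page plus a hypothetical "legacyBinding" with no <security>.
SAMPLE = """<configuration><system.serviceModel>
 <bindings><basicHttpBinding>
  <binding name="basicBinding">
   <security mode="Transport"><transport clientCredentialType="None" /></security>
  </binding>
  <binding name="legacyBinding" />
 </basicHttpBinding></bindings>
 <services><service name="WCFDemo.DemoService">
  <endpoint address="DemoService" binding="basicHttpBinding" bindingConfiguration="basicBinding" />
  <endpoint address="Legacy" binding="basicHttpBinding" bindingConfiguration="legacyBinding" />
 </service></services>
</system.serviceModel></configuration>"""

def binding_settings(root):
    """Map binding name -> (security mode, transport credential type)."""
    out = {}
    for b in root.findall("./system.serviceModel/bindings/basicHttpBinding/binding"):
        sec = b.find("security")
        mode = DEFAULT[0] if sec is None else sec.get("mode", DEFAULT[0])
        tr = None if sec is None else sec.find("transport")
        cred = DEFAULT[1] if tr is None else tr.get("clientCredentialType", DEFAULT[1])
        out[b.get("name", "")] = (mode, cred)
    return out

def assess(mode, cred):
    """Describe what the setting gives a defender reviewing the config."""
    if mode == "None":
        return "no transport or message protection"
    if mode == "Transport" and cred == "None":
        return "TLS channel, client not authenticated"
    return "review manually"

def audit(config_xml):
    """Return (address, mode, credential, assessment) per basicHttpBinding endpoint."""
    root = ET.fromstring(config_xml)
    bindings = binding_settings(root)
    rows = []
    for ep in root.findall("./system.serviceModel/services/service/endpoint"):
        if ep.get("binding") == "basicHttpBinding":
            mode, cred = bindings.get(ep.get("bindingConfiguration", ""), DEFAULT)
            rows.append((ep.get("address"), mode, cred, assess(mode, cred)))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The same binding_settings function applied to a client app.config that contains only <security mode="Transport" /> resolves the credential type to None, matching the server.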
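(2) Add an HTTPS binding for the WCF Service application.
For the detailed steps, see "Step by Step: Configuring an ASP.NET Web Application to Use HTTPS".
After configuring the HTTPS binding, double-click SSL Settings.
Check Require SSL and click Apply.
The HTTP binding is still required; otherwise the following error occurs
(3) Install the SSL root certificate on the client
Because the HTTPS certificate uses
so the WCF Service URL we use is https://win-ounm08eqe64.henry.huang/DemoService.svc
On the client, add an entry to C:\Windows\System32\Drivers\etc\hosts
Then install the root certificate.
Double-click the root certificate file to open the certificate properties dialog. At this point the root certificate is not trusted, so we need to add it to "Trusted Root Certification Authorities": click Install Certificate.
(4) Client code and configuration file
In Visual Studio on the client, add a Service Reference.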
    private void buttonCalculate_Click(object sender, EventArgs e)
    {
        try
        {
            textBoxResult.Text = demoServiceClient.Divide(
                Convert.ToInt32(textBoxNumerator.Text),
                Convert.ToInt32(textBoxDenominator.Text)).ToString();
        }
        catch (FaultException<DemoServiceReference.DivideByZeroFault> fault)
        {
            // The service reports division by zero as a typed SOAP fault.
            MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail);
        }
    }
client app.config
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_IDemoService">
              <!-- No <transport> element: clientCredentialType defaults to None. -->
              <security mode="Transport" />
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService"
                    binding="basicHttpBinding"
                    bindingConfiguration="BasicHttpBinding_IDemoService"
                    contract="DemoServiceReference.IDemoService"
                    name="BasicHttpBinding_IDemoService" />
        </client>
      </system.serviceModel>
    </configuration>

(5) Run the code and capture the messages
Using Fiddler, we find that all messages are encrypted.
However, if you view the Message Log with Microsoft Service Trace Viewer (see "Using WCF's Trace and Message Log Features"), you can see the decrypted messages, because it does not listen on the wire, whereas Fiddler does.
Request:
Response:
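(6) Summary
Transport Security Mode encrypts at the transport-protocol level, while Message Security Mode encrypts at the message level. Each protocol has its own transport-level encryption mechanism; for HTTP it is SSL.
This article is reposted from JF Zhu's cnblogs blog; original link: http://www.cnblogs.com/jfzhu/p/4071342.html. For reprints, please contact the original author.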