通过基本身份验证确保的传输安全
下图显示了 Windows Communication Foundation (WCF) 服务和客户端。 服务器需要一个有效的可用于安全套接字层 (SSL) 的 X.509 证书,并且客户端必须信任此服务器证书。 而且,Web 服务已经有了一个可以使用的 SSL 实现。 有关在 Internet Information Services (IIS) 上启用基本身份验证的详细信息,请参阅基本身份验证。
| 特征 | 说明 |
|---|---|
| 安全模式 | Transport |
| 互操作性 | 与现有的 Web 服务客户端和服务进行互操作 |
| 身份验证(服务器) 身份验证(客户端) |
是(使用 HTTPS) 是(通过用户名/密码) |
| 完整性 | 是 |
| 机密性 | 是 |
| Transport | HTTPS |
| 绑定 | WSHttpBinding |
服务
下面的代码和配置应独立运行。 执行下列操作之一:
使用代码(而不使用配置)创建独立服务。
使用提供的配置创建服务,但不定义任何终结点。
代码
下面的代码演示如何创建使用 Windows 域用户名和密码确保传输安全的服务终结点。 请注意,此服务要求使用 X.509 证书向客户端进行身份验证。 有关详细信息,请参阅使用证书和如何:使用 SSL 证书配置端口。
// Create the binding.
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
// Create the URI for the endpoint.
Uri httpUri = new Uri("https://localhost/Calculator");
// Create the service host and add an endpoint.
ServiceHost myServiceHost = new ServiceHost(
typeof(ServiceModel.Calculator), httpUri);
myServiceHost.AddServiceEndpoint(
typeof(ServiceModel.ICalculator), binding, "");
// Open the service.
myServiceHost.Open();
Console.WriteLine("Listening...");
Console.WriteLine("Press Enter to exit.");
Console.ReadLine();
// Close the service.
myServiceHost.Close();
' Create the binding.
Dim binding As New WSHttpBinding()
binding.Security.Mode = SecurityMode.Transport
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic
' Create the URI for the endpoint.
Dim httpUri As New Uri("https://localhost/Calculator")
' Create the service host and add an endpoint.
Dim myServiceHost As New ServiceHost(GetType(ServiceModel.Calculator), httpUri)
myServiceHost.AddServiceEndpoint(GetType(ServiceModel.ICalculator), binding, "")
' Open the service.
myServiceHost.Open()
Console.WriteLine("Listening...")
Console.WriteLine("Press Enter to exit.")
Console.ReadLine()
' Close the service.
myServiceHost.Close()
Configuration
下面将配置一个服务以使用具有传输级安全的基本身份验证:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="UsernameWithTransport">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="BasicAuthentication.Calculator">
<endpoint address="https://localhost/Calculator"
binding="wsHttpBinding"
bindingConfiguration="UsernameWithTransport"
name="BasicEndpoint"
contract="BasicAuthentication.ICalculator" />
</service>
</services>
</system.serviceModel>
</configuration>
客户端
代码
下面的代码演示包括用户名和密码在内的客户端代码。 请注意,此用户必须提供一个有效的 Windows 用户名和密码。 此处不显示用于返回用户名和密码的代码。 使用对话框或其他界面来查询用户的相关信息。
备注
用户名和密码只能使用代码进行设置。
// Create the binding.
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
// Create the endpoint address. Note that the machine name
// must match the subject or DNS field of the X.509 certificate
// used to authenticate the service.
EndpointAddress ea = new
EndpointAddress("https://machineName/Calculator");
// Create the client. The code for the calculator
// client is not shown here. See the sample applications
// for examples of the calculator code.
CalculatorClient cc =
new CalculatorClient(myBinding, ea);
// The client must provide a user name and password. The code
// to return the user name and password is not shown here. Use
// a database to store the user name and passwords, or use the
// ASP.NET Membership provider database.
cc.ClientCredentials.UserName.UserName = ReturnUsername();
cc.ClientCredentials.UserName.Password = ReturnPassword();
try
{
// Begin using the client.
cc.Open();
Console.WriteLine(cc.Add(100, 11));
Console.ReadLine();
// Close the client.
cc.Close();
}
' Create the binding.
Dim myBinding As New WSHttpBinding()
myBinding.Security.Mode = SecurityMode.Transport
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic
' Create the endpoint address. Note that the machine name
' must match the subject or DNS field of the X.509 certificate
' used to authenticate the service.
Dim ea As New EndpointAddress("https://machineName/Calculator")
' Create the client. The code for the calculator
' client is not shown here. See the sample applications
' for examples of the calculator code.
Dim cc As New CalculatorClient(myBinding, ea)
' The client must provide a user name and password. The code
' to return the user name and password is not shown here. Use
' a database to store the user name and passwords, or use the
' ASP.NET Membership provider database.
cc.ClientCredentials.UserName.UserName = ReturnUsername()
cc.ClientCredentials.UserName.Password = ReturnPassword()
' Begin using the client.
Try
cc.Open()
Console.WriteLine(cc.Add(100, 11))
Console.ReadLine()
' Close the client.
cc.Close()
Catch tex As TimeoutException
Console.WriteLine(tex.Message)
cc.Abort()
Catch cex As CommunicationException
Console.WriteLine(cex.Message)
cc.Abort()
Finally
Console.WriteLine("Closed the client")
Console.ReadLine()
End Try
Configuration
下面的代码演示客户端配置。
备注
不能使用配置来设置用户名和密码。 此处显示的配置必须使用代码进行扩充以设置用户名和密码。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator" >
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://machineName/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
contract="ICalculator"
name="WSHttpBinding_ICalculator" />
</client>
</system.serviceModel>
</configuration>