<message> of <basicHttpBinding>
Defines the message-level security settings of the <basicHttpBinding>.
Schema Hierarchy
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding>
<security> of <basicHttpBinding>
<message> of <basicHttpBinding>
Syntax
<message
   algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
   clientCredentialType="UserName/Certificate"/>
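Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
algorithmSuite | Sets the message encryption and key-wrap algorithms. This attribute is of type SecurityAlgorithmSuite, which specifies the algorithms and the key size. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification. The default value is Basic256. |
clientCredentialType | Specifies the type of credential to use when performing client authentication with message-based security. The default is UserName. |
Child Elements
None
Parent Elements
Element | Description |
---|---|
<security> | Defines the security capabilities of the <basicHttpBinding>. |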
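Example
This example demonstrates how to implement an application that uses basicHttpBinding and message security. In the following service configuration example, the endpoint definition specifies basicHttpBinding and references a binding configuration named Binding1. The certificate that the service uses to authenticate itself to the client is set in the behaviors section of the configuration file, under the serviceCredentials element. The validation mode that applies to the certificate the client uses to authenticate itself to the service is also set in the behaviors section, under the clientCertificate element.
The same binding and security details are specified in the client configuration file.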
<system.serviceModel>
  <services>
    <service name="Microsoft.ServiceModel.Samples.CalculatorService"
             behaviorConfiguration="CalculatorServiceBehavior">
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost:8000/ServiceModelSamples/service"/>
        </baseAddresses>
      </host>
      <!-- this endpoint is exposed at the base address provided by host: https://localhost:8000/ServiceModelSamples/service -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="Binding1"
                contract="Microsoft.ServiceModel.Samples.ICalculator" />
      <!-- the mex endpoint is exposed at https://localhost:8000/ServiceModelSamples/service/mex -->
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <basicHttpBinding>
      <!--
        This configuration defines the SecurityMode as Message and
        the clientCredentialType as Certificate.
      -->
      <binding name="Binding1">
        <security mode="Message">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <!--For debugging purposes set the includeExceptionDetailInFaults attribute to true-->
  <behaviors>
    <serviceBehaviors>
      <behavior name="CalculatorServiceBehavior">
        <serviceMetadata httpGetEnabled="True"/>
        <serviceDebug includeExceptionDetailInFaults="False" />
        <!--
          The serviceCredentials behavior allows one to define a service certificate.
          A service certificate is used by a client to authenticate the service and provide message protection.
          This configuration references the "localhost" certificate installed during the setup instructions.
        -->
        <serviceCredentials>
          <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          <clientCertificate>
            <!--
              Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate
              is in the user's Trusted People store, then it will be trusted without performing a
              validation of the certificate's issuer chain. This setting is used here for convenience so that the
              sample can be run without having to have certificates issued by a certification authority (CA).
              This setting is less secure than the default, ChainTrust. The security implications of this
              setting should be carefully considered before using PeerOrChainTrust in production code.
            -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
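The following audit script is an added example, not part of the original sample or of WCF itself. It reads a configuration file like the one above and reports basicHttpBinding message-security settings that merit review before production use: algorithm suites whose names imply 3DES, RSA PKCS#1 v1.5 key wrap, or SHA-1 (per the WS-SecurityPolicy suite definitions), and relaxed certificateValidationMode values. The SAMPLE text, the "Legacy" binding, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Binding1 mirrors the page's binding; "Legacy" is hypothetical.
SAMPLE = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="Binding1"><security mode="Message">
      <message clientCredentialType="Certificate"/></security></binding>
    <binding name="Legacy"><security mode="Message">
      <message clientCredentialType="Certificate" algorithmSuite="TripleDesRsa15"/>
    </security></binding></basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="CalculatorServiceBehavior">
    <serviceCredentials><clientCertificate>
      <authentication certificateValidationMode="PeerOrChainTrust"/>
    </clientCertificate></serviceCredentials></behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

RELAXED_MODES = {"None", "PeerTrust", "PeerOrChainTrust"}  # may skip issuer-chain validation

def suite_findings(suite):
    """List the legacy primitives implied by a WS-SecurityPolicy suite name."""
    out = []
    if suite.startswith("TripleDes"):
        out.append("3DES encryption")
    if "Rsa15" in suite:
        out.append("RSA PKCS#1 v1.5 key wrap")
    if "Sha256" not in suite:
        out.append("SHA-1 digest and signature")
    return out

def audit(config_xml):
    """Return sorted (location, finding) pairs for settings that merit review."""
    root, findings = ET.fromstring(config_xml), []
    for binding in root.findall(".//basicHttpBinding/binding"):
        sec = binding.find("security")
        if sec is None or "Message" not in sec.get("mode", "None"):
            continue  # message-level settings are not in effect
        msg = sec.find("message")
        # Documented default when algorithmSuite is not set: Basic256
        suite = msg.get("algorithmSuite", "Basic256") if msg is not None else "Basic256"
        for weak in suite_findings(suite):
            findings.append((f"binding {binding.get('name')}", f"{suite}: {weak}"))
    for behavior in root.iter("behavior"):
        for auth in behavior.iter("authentication"):
            mode = auth.get("certificateValidationMode", "ChainTrust")
            if mode in RELAXED_MODES:
                findings.append((f"behavior {behavior.get('name')}", f"certificateValidationMode={mode}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Setting algorithmSuite="Basic256Sha256Rsa15" or another Sha256 suite from the syntax list, and leaving certificateValidationMode at ChainTrust, clears the corresponding findings.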
See Also
Reference
BasicHttpMessageSecurity
Message
BasicHttpMessageSecurityElement
Other Resources
Securing Services and Clients
Windows Communication Foundation Bindings
Configuring System-Provided Bindings
Using Bindings to Configure Services and Clients