<basicHttpBinding> 的 <message>
定義 <basicHttpBinding> 的訊息層級安全性設定。
結構描述階層
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding>
<basicHttpBinding> 的 <security>
<basicHttpBinding> 的 <message>
語法
<message
algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
clientCredentialType="UserName/Certificate"/>
屬性和元素
下列各節說明屬性、子項目和父項目。
屬性
| 屬性 | 描述 |
|---|---|
algorithmSuite |
設定訊息加密和金鑰包裝演算法。 此屬性的型別為 SecurityAlgorithmSuite,它會指定演算法和金鑰大小。 這些演算法會對應至安全性原則語言 (WS-SecurityPolicy) 規格中指定的演算法。 預設值為 Basic256。 |
clientCredentialType |
指定當使用訊息安全性執行用戶端驗證時,要使用的認證類型。 預設為 UserName。 |
項目子系
無
父項目
| 項目 | 描述 |
|---|---|
定義 <basicHttpBinding> 的安全性功能。 |
範例
這個範例會示範如何實作一個使用 basicHttpBinding 和訊息安全性的應用程式。 在下列服務組態範例中,端點定義會指定 basicHttpBinding,並參考名為 Binding1 的繫結組態。 服務對用戶端驗證它自己時所使用的憑證是在組態檔案 behaviors 區段中的 serviceCredentials 項目下設定。 用戶端用來對服務驗證本身之憑證所套用的驗證模式,也是在 clientCertificate 項目下的 behaviors 區段中設定。
相同的繫結和安全性詳細資訊是在用戶端組態檔中設定。
<system.serviceModel>
<services>
<service name="Microsoft.ServiceModel.Samples.CalculatorService"
behaviorConfiguration="CalculatorServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost:8000/ServiceModelSamples/service"/>
</baseAddresses>
</host>
<!-- this endpoint is exposed at the base address provided by host: https://localhost:8000/ServiceModelSamples/service -->
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="Binding1"
contract="Microsoft.ServiceModel.Samples.ICalculator" />
<!-- the mex endpoint is exposed at https://localhost:8000/ServiceModelSamples/service/mex -->
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<!--
This configuration defines the SecurityMode as Message and
the clientCredentialType as Certificate.
-->
<binding name="Binding1" >
<security mode = "Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<!--For debugging purposes set the includeExceptionDetailInFaults attribute to true-->
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
<!--
The serviceCredentials behavior allows one to define a service certificate.
A service certificate is used by a client to authenticate the service and provide message protection.
This configuration references the "localhost" certificate installed during the setup instructions.
-->
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<clientCertificate>
<!--
Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate
is in the user's Trusted People store, then it will be trusted without performing a
validation of the certificate's issuer chain. This setting is used here for convenience so that the
sample can be run without having to have certificates issued by a certification authority (CA).
This setting is less secure than the default, ChainTrust. The security implications of this
setting should be carefully considered before using PeerOrChainTrust in production code.
-->
<authentication certificateValidationMode="PeerOrChainTrust" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
另請參閱
參考
BasicHttpMessageSecurity
Message
Message
BasicHttpMessageSecurityElement
概念
其他資源
Securing Services and Clients
Windows Communication Foundation Bindings
Configuring System-Provided Bindings
Using Bindings to Configure Services and Clients