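WCF Security
WCF security is configured mainly through two configuration sections: bindings and behaviors. Because a binding can be bound to many protocols, there are many possible combinations of security settings. Below are two ways of securing a netTcpBinding binding: Windows authentication and certificate authentication. netTcpBinding is used here because it has the highest transport efficiency on an intranet. Its default mode is Transport, which encrypts the channel itself. The mode can also be changed: for the internet it is usually changed to Message, which encrypts or signs the message. This can be specified down to each individual method, since some non-sensitive data does not need to be encrypted. When IIS and WCF are not on the same machine, security must be configured, otherwise WCF refuses to provide the service. The default authentication method of netTcpBinding is Windows authentication, so the service cannot be accessed unless it is configured. The two approaches are implemented as follows.
Method 1: Windows authentication
    Windows authentication checks whether the credentials on the incoming request carry a user name and password for the system WCF is running on. If the user name or password supplied is incorrect, the service cannot be accessed. The credentials are set like this:
            tcpChannel.Credentials.Windows.ClientCredential =
                new System.Net.NetworkCredential("userName", "password", "domain");
The call supplies the user name, the password and the domain the user belongs to, which is fairly simple. This approach requires knowing the user name and password of the machine hosting the WCF service, which carries a certain amount of risk.
Configuration file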
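Method 2: Certificate authentication
     With certificate authentication, the WCF server side generates a certificate and distributes it to every terminal that needs to access the service. Only clients that hold this certificate can access the service. This approach is mainly used over the internet. It is implemented mainly by adding a behaviors configuration section.
Client configuration section: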
<system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="CertificateBehavior">
          <clientCredentials>
            <!-- Set the client credential.
                 findValue: name of the certificate to look for in the current user's certificates
                 storeName: the store that holds the certificate; personal certificates are in My
                 storeLocation: whether the certificate is stored under the current user or the local machine
                 x509FindType: find the certificate by subject name -->
            <clientCertificate findValue="Client1" storeName="My" storeLocation="CurrentUser" x509FindType="FindBySubjectName"/>
            <!-- Set the service credential; no validation of the server is configured here
                 (certificateValidationMode="None": the client does not validate the service certificate) -->
            <serviceCertificate>
              <authentication certificateValidationMode="None"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="net.tcp://192.168.30.65:9002/TcpOBFService" behaviorConfiguration="CertificateBehavior" binding="netTcpBinding" bindingConfiguration="netTcpEndPoint" contract="OBF.Service.IOBFService" name="DefaultOBFService">
        <identity>
          <dns value="MyServer"/>
        </identity>
      </endpoint>
    </client>
    <bindings>
      <netTcpBinding>
        <binding name="netTcpEndPoint" maxReceivedMessageSize="10000000" sendTimeout="00:03:00">
          <security mode="Transport">
            <!-- clientCredentialType: sets the authentication method -->
            <!-- protectionLevel: sets signing and encryption of the message so that it is not sent in clear text -->
            <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
</system.serviceModel>
Server configuration section:
<system.serviceModel>
    <services>
      <service name="OBF.Service.OBFService" behaviorConfiguration="MyServiceTypeBehaviors">
        <host>
          <baseAddresses>
            <add baseAddress="http://192.168.30.65:9000/OBFService"/>
          </baseAddresses>
        </host>
        <endpoint contract="OBF.Service.IOBFService" binding="netTcpBinding" bindingConfiguration="netTcpEndPoint" address="net.tcp://localhost:9002/TcpOBFService"/>
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="netTcpEndPoint" maxReceivedMessageSize="10000000" sendTimeout="00:03:00">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors">
          <serviceMetadata httpGetEnabled="true" httpGetUrl="http://192.168.30.65:9001/OBFService"/>
          <!-- includeExceptionDetailInFaults="true" returns exception details to the client; it is a debugging setting -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceCredentials>
            <clientCertificate>
              <!-- Specify the class the server uses to validate client certificates -->
              <authentication certificateValidationMode="Custom" customCertificateValidatorType="OBF.TestServiceHost.CustomX509CertificateValidator,OBF.TestServiceHost"/>
            </clientCertificate>
            <serviceCertificate findValue="MyServer" storeName="My" storeLocation="CurrentUser" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
</system.serviceModel>
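
The server configuration names OBF.TestServiceHost.CustomX509CertificateValidator in customCertificateValidatorType, but the page does not show that class. The following is an added example, not the original project's code, of what such a validator can look like; the thumbprint allow-list and its placeholder entry are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace OBF.TestServiceHost
{
    // Added example: one possible body for the type referenced by
    // customCertificateValidatorType. Requires a reference to System.IdentityModel.
    public class CustomX509CertificateValidator : X509CertificateValidator
    {
        // Assumption: the server keeps an allow-list of the client certificates
        // it has handed out. The entry below is a placeholder, not a real thumbprint.
        private static readonly HashSet<string> AllowedThumbprints =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "<THUMBPRINT-OF-CLIENT1-CERTIFICATE>"
            };

        // WCF calls this for every client certificate presented on the channel.
        // Returning normally accepts the certificate; throwing rejects the client.
        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // With certificateValidationMode="Custom" only this class decides,
            // so the validity window has to be checked here explicitly.
            // NotBefore and NotAfter are local times, as is DateTime.Now.
            DateTime now = DateTime.Now;
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException(
                    "Client certificate is outside its validity period.");

            // Accept only certificates the server issued to known clients.
            // Matching on the subject name alone would accept any certificate
            // that merely carries the same name.
            if (!AllowedThumbprints.Contains(certificate.Thumbprint))
                throw new SecurityTokenValidationException(
                    "Client certificate is not on the allow-list.");
        }
    }
}
```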