Step 5:
WCF security mechanisms (continued).
Protecting an HTTP service at the transport level
1. In the ProductsServiceHost project, right-click app.config and choose "Edit WCF Configuration". Create a new binding configuration of type basicHttpBinding, named ProductsServiceBasicHttpBindingConfig, with Mode: Transport.
Set the BindingConfiguration of the BasicHttpBinding_IProductsService endpoint to ProductsServiceBasicHttpBindingConfig.
<basicHttpBinding>
    <binding name="ProductsServiceBasicHttpBindingConfig">
        <security mode="Transport" />
    </binding>
</basicHttpBinding>
......
<endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
          binding="basicHttpBinding" bindingConfiguration="ProductsServiceBasicHttpBindingConfig"
          name="BasicHttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
2. Make the corresponding settings in the ProductsClient client project's app.config:
<binding name="ProductsClientBasicHttpBindingConfig">
    <security mode="Transport" />
</binding>
......
<endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
          binding="basicHttpBinding" bindingConfiguration="ProductsClientBasicHttpBindingConfig"
          contract="ProductsService.IProductsService" name="BasicHttpBinding_IProductsService" />
The next important step is to configure a WCF HTTP endpoint with an SSL certificate.
1. Open the Visual Studio Command Prompt (2010) as administrator and enter:
makecert -sr LocalMachine -ss My -n CN=HTTPS-Server -sky exchange -sk HTTPS-Key
2. Once the prompt prints Succeeded, enter mmc. In the console, choose File -> Add/Remove Snap-in, select Certificates under the available snap-ins -> Add -> Computer account -> Next, Finish. You can then see the certificate generated above, as shown in the figure.
3. Double-click HTTPS-Server, then Details -> Thumbprint. Copy its hexadecimal value.
4. Bind the SSL certificate to the HTTP endpoint:
netsh http add sslcert ipport=192.168.1.101:8000 certhash=a225882af2048f404a5bf235290f516fea7836f3 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
(Note: the IP address in ipport is your own machine's IP address; 127.0.0.1 also works. But the server and client endpoint addresses must then use that same IP address as well, not localhost.)
5. Create a new class PermissiveCertificatePolicy:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.Net.Security;

namespace ProductsClient
{
    // Installs a process-wide server certificate validation callback so the
    // client accepts the self-signed HTTPS-Server test certificate, which
    // would otherwise fail chain validation (no trusted root).
    class PermissiveCertificatePolicy
    {
        string subjectName;
        static PermissiveCertificatePolicy currentPolicy;

        PermissiveCertificatePolicy(string subjectName)
        {
            this.subjectName = subjectName;
            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(RemoteCertValidate);
        }

        public static void Enact(string subjectName)
        {
            currentPolicy = new PermissiveCertificatePolicy(subjectName);
        }

        // Called for every TLS handshake in this process. The SslPolicyErrors
        // reported by the framework are ignored: any certificate whose Subject
        // equals the expected name is accepted, regardless of who issued it.
        bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
        {
            if (cert.Subject == subjectName)
            {
                return true;
            }
            return false;
        }
    }
}
6. Client:
static void Main(string[] args)
{
    Console.WriteLine("Press ENTER when the service has started");
    Console.ReadLine();
    // Create a proxy object and connect to the service
    PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");
    ......
}
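As an added example (not code from the original post), a stricter alternative to PermissiveCertificatePolicy: it accepts only the exact test certificate, identified by the thumbprint copied in step 3 and used by netsh in step 4, rather than any certificate whose Subject happens to be CN=HTTPS-Server. The class name PinnedCertificatePolicy is my own.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace ProductsClient
{
    // Added example, not from the original post. Pins the self-signed test
    // certificate by thumbprint instead of trusting any certificate whose
    // Subject is CN=HTTPS-Server.
    class PinnedCertificatePolicy
    {
        readonly string expectedThumbprint;
        static PinnedCertificatePolicy currentPolicy;

        PinnedCertificatePolicy(string thumbprint)
        {
            // The MMC "Thumbprint" field may contain spaces; X509Certificate2.Thumbprint does not.
            expectedThumbprint = thumbprint.Replace(" ", "");
            ServicePointManager.ServerCertificateValidationCallback += RemoteCertValidate;
        }

        public static void Enact(string thumbprint)
        {
            currentPolicy = new PinnedCertificatePolicy(thumbprint);
        }

        bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
        {
            // A certificate that passes normal chain and name validation needs no override.
            if (errors == SslPolicyErrors.None)
                return true;

            // No certificate presented: nothing to pin against.
            if (cert == null || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
                return false;

            // The test cert is self-signed (chain error) and its CN does not match the
            // 192.168.1.101 address in the endpoint (name mismatch). Both are tolerated
            // only when the presented certificate is exactly the pinned one.
            var cert2 = cert as X509Certificate2 ?? new X509Certificate2(cert);
            return string.Equals(cert2.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

In step 6 the client would then call PinnedCertificatePolicy.Enact("a225882af2048f404a5bf235290f516fea7836f3") (the certhash from step 4) in place of PermissiveCertificatePolicy.Enact("CN=HTTPS-Server").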
Protecting an HTTP service at the message level (using WS2007HttpBinding)
1. Add a WS2007HttpBinding_IProductsService endpoint:
<endpoint address="http://localhost:8010/ProductsService/Service.svc"
          binding="ws2007HttpBinding"
          name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
2. In the Visual Studio Command Prompt (2010), enter: netsh http add urlacl url=http://localhost:8010/ProductsService user=UserName
3. Configure the client endpoint:
<endpoint address="http://localhost:8010/ProductsService/Service.svc"
          binding="ws2007HttpBinding"
          name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
4. Client:
static void Main(string[] args)
{
    ...
    using (ProductsServiceClient proxy = new ProductsServiceClient("WS2007HttpBinding_IProductsService"))
    // Test the operations in the service
    ...
}
Authorizing Windows users within a Windows domain (using basicHttpBinding)
1. This example builds on the code from "Protecting an HTTP service at the transport level" above. Modify the ProductsServiceLibrary project and add references to the PresentationFramework, PresentationCore, System.Xaml and WindowsBase assemblies.
using System.Collections.Generic;
using System.Threading;
using System.Windows;        // MessageBox and MessageBoxButton (PresentationFramework)
using FizzWare.NBuilder;     // Builder<T> test-data generator (assumed to be NBuilder, which has this API)

public class ProductsServiceImpl : IProductsService
{
    static IList<tblProduct> ps = Builder<tblProduct>.CreateListOfSize(50).Build();
    static IList<tblProductInventory> pis = Builder<tblProductInventory>.CreateListOfSize(50).Build();

    public List<string> ListProducts()
    {
        // Identity established by the transport client credential (Basic or Windows)
        string userName = Thread.CurrentPrincipal.Identity.Name;
        MessageBox.Show(string.Format("Username is {0}", userName), "ProductsService Authentication", MessageBoxButton.OK);
        .......
    }
}
2. In the ProductsServiceHost project's configuration file, set TransportClientCredentialType of ProductsServiceBasicHttpBindingConfig to Basic (or Windows); in the ProductsClient project's configuration file, set TransportClientCredentialType of ProductsClientBasicHttpBindingConfig to Basic (or Windows).
static void Main(string[] args)
{
    Console.WriteLine("Press ENTER when the service has started");
    Console.ReadLine();
    // Create a proxy object and connect to the service
    PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");
    using (ProductsServiceClient proxy = new ProductsServiceClient("BasicHttpBinding_IProductsService"))
    {
        try
        {
            // Credentials travel in the HTTP Authorization header, protected by the
            // binding's Transport (HTTPS) security configured above
            proxy.ClientCredentials.UserName.UserName = "workgroup\\ls";
            proxy.ClientCredentials.UserName.Password = "911";
            ........
}
The UserName and Password are those of your own machine.
Run result: