Step 4:
Discuss the security issues of WCF, and how to use the Service Trace Viewer tool.
WCF programs face more security issues because messages must be transmitted across machine boundaries. Encrypting messages is one protection, and signing them is another. Generally, WCF provides security at the transport channel level and at the message level. For example, HTTPS is a dedicated transport channel with higher security, while message-level security encrypts and decrypts the messages themselves.
I. Message-level TCP Service Protection
Example: message encryption for an endpoint bound to netTcpBinding. Add:
<netTcpBinding>
  <binding name="productsclienttcpbindingconfig">
    <!-- Message-level security: each SOAP message is encrypted and signed -->
    <security mode="Message">
      <message algorithmSuite="Basic128"/>
    </security>
  </binding>
</netTcpBinding>
Then modify the endpoint that uses binding = netTcpBinding so that its bindingConfiguration attribute = tcpbindingconfig; messages sent over this binding are then encrypted and decrypted automatically. You can then use the Service Trace Viewer tool to open D:\project\ls.prj2011\productsservicehost\productsservice.svclog (you may need to change this path on your local machine) and check whether the messages are actually encrypted.
Message encryption with basicHttpBinding requires a certificate, which is troublesome. wsHttpBinding, however, provides message encryption by default, so you only need to provide a wsHttpBinding endpoint.
II. Protect an HTTP service at the transport channel level
As mentioned above, the transport channel can be protected by configuring HTTPS. Enabling HTTPS requires certificate files, which is troublesome. I will not describe it for the moment. I will try again later.
III. Authentication and authorization
Authentication and authorization are effective, basic forms of verification and the most common verification method in web programs. WCF supports authentication and authorization well, and the topic is very broad. Here is a simple demonstration of how the server obtains the Windows user name of the client.
(The following projects are based on the previous instances)
Open the productsservicehost project, right-click app.config, and choose Edit WCF Configuration > Diagnostics > Message Logging. Set the LogEntireMessage, LogMessagesAtServiceLevel, and LogMessagesAtTransportLevel attributes to True.
Diagnostics > Sources > New Source. Name: System.ServiceModel.MessageLogging; Level: Verbose.
Diagnostics > Listeners > New Listener. InitData: D:\project\ls.prj2011\productsservicehost\productsservice.svclog; Name: messagelog; Source: (Add) System.ServiceModel.MessageLogging.
OK. The prerequisites for using Microsoft Service Trace Viewer are now configured. Open the file D:\project\ls.prj2011\productsservicehost\productsservice.svclog to trace the messages.
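The check described above (is the message really encrypted?) can also be scripted. This is an added example, not code from the original post: it assumes the log holds MessageLogTraceRecord elements whose Source attribute names the logging level, and it runs on constructed, simplified records with a hypothetical ListProducts operation. Transport-level records show the message as it travels; service-level records are written after decryption.

```python
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"  # XML Encryption namespace

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify(svclog_text):
    """Return (Source, body_is_encrypted) for each logged message with a SOAP Body."""
    # A .svclog is a run of <E2ETraceEvent> fragments with no single root element.
    root = ET.fromstring("<log>" + svclog_text + "</log>")
    results = []
    for rec in root.iter():
        if local(rec.tag) != "MessageLogTraceRecord":
            continue
        body = next((e for e in rec.iter() if local(e.tag) == "Body"), None)
        if body is None:
            continue
        encrypted = any(e.tag == "{%s}EncryptedData" % XMLENC for e in body.iter())
        results.append((rec.get("Source", ""), encrypted))
    return results

def transport_plaintext(svclog_text):
    """Sources of transport-level records whose body is readable as logged."""
    return [s for s, enc in classify(svclog_text)
            if s.startswith("Transport") and not enc]

# --- Constructed sample records (simplified; not taken from a real log) ---
def _event(source, body):
    return ('<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">'
            '<ApplicationData><TraceData><DataItem><MessageLogTraceRecord Source="%s" '
            'xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">'
            '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>%s'
            '</s:Body></s:Envelope></MessageLogTraceRecord></DataItem></TraceData>'
            '</ApplicationData></E2ETraceEvent>' % (source, body))

CIPHER = ('<e:EncryptedData xmlns:e="%s"><e:CipherData><e:CipherValue>Q09OU1RSVUNURUQ='
          '</e:CipherValue></e:CipherData></e:EncryptedData>' % XMLENC)
PLAIN = '<ListProducts xmlns="http://example.invalid/products"/>'  # hypothetical operation

SECURED = _event("TransportReceive", CIPHER) + _event("ServiceLevelReceiveRequest", PLAIN)
UNSECURED = _event("TransportReceive", PLAIN)

if __name__ == "__main__":
    for name, log in (("secured", SECURED), ("unsecured", UNSECURED)):
        print(name, classify(log), "plaintext on the wire:", transport_plaintext(log))
```

Because LogMessagesAtServiceLevel and LogEntireMessage are both on, the .svclog file holds decrypted message bodies, so protect the file like the data it carries and turn message logging off when the check is done.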
Here, I want to find out what the message-level encryption mechanism is. Some settings are required.
Bindings > New Binding Configuration. Name: productsservicetcpbindingconfig; then under Security, set Mode: Message; AlgorithmSuite: Basic128; MessageClientCredentialType: Windows. Also set bindingConfiguration = "productsservicetcpbindingconfig".
For the client project productsclient, create a binding configuration named productsclienttcpbindingconfig and bind to it. Other configurations are the same as those on the server.