Step by step in WCF (4)

Source: Internet
Author: User

Step 4:

This step discusses WCF security and how to use the Service Trace Viewer tool.

WCF programs face more security issues because messages have to be transmitted across machine boundaries. Encrypting messages is one protection, and signing them is another. Generally, WCF provides security at two levels: the transport channel and the message. For example, HTTPS is a dedicated transport channel with higher security. Message-level security covers encrypting and decrypting the messages themselves.

I. Message-level TCP Service Protection

Example: message encryption with netTcpBinding. Add:

<netTcpBinding>
  <binding name="productsclienttcpbindingconfig">
    <security mode="Message">
      <message algorithmSuite="Basic128"/>
    </security>
  </binding>
</netTcpBinding>

Then modify the endpoint that uses binding="netTcpBinding" and set its bindingConfiguration attribute to the tcpbindingconfig defined above (the value must match the binding's name attribute), so that messages on this binding are encrypted and decrypted automatically. You can then use the Service Trace Viewer tool to open D:\project\ls.prj2011\productsservicehost\productsservice.svclog (this path may need to be changed on your local machine) and check whether the message is actually encrypted.

Message encryption with basicHttpBinding requires a certificate, which is troublesome. wsHttpBinding, however, provides message encryption by default, so you only need to provide a wsHttpBinding endpoint.

II. Protecting an HTTP service at the transport channel level

As mentioned above, the transport channel can be protected by configuring HTTPS. Enabling HTTPS requires certificate files, which is troublesome. I will not describe it for the moment; I will try again later.

III. Authentication and authorization

Authentication and authorization are an effective basic form of verification and the most common verification method in web programs. WCF has good support for authentication and authorization, and the topic is very broad. Here is a simple demonstration of how the server obtains the Windows user name of the client.

(The following steps build on the projects from the previous examples.)

Open the productsservicehost project, right-click app.config, and choose Edit WCF Configuration > Diagnostics > Message Logging. Set the logEntireMessage, logMessagesAtServiceLevel, and logMessagesAtTransportLevel attributes to true.

Diagnostics > Sources > New Source. Name: System.ServiceModel.MessageLogging; Level: Verbose.

Diagnostics > Listeners > New Listener. InitData: D:\project\ls.prj2011\productsservicehost\productsservice.svclog; Name: messagelog; Source: (Add) System.ServiceModel.MessageLogging.

That completes the prerequisites for using Microsoft Service Trace Viewer. Open the file D:\project\ls.prj2011\productsservicehost\productsservice.svclog to trace the messages.

Here, I want to find out what the message-level encryption mechanism is. Some settings are required.

Bindings > New Binding Configuration. Name: productsservicetcpbindingconfig; then under Security set Mode: Message; AlgorithmSuite: Basic128; MessageClientCredentialType: Windows. Finally, set bindingConfiguration="productsservicetcpbindingconfig" on the endpoint.

For the client project productsclient, create a binding configuration named productsclienttcpbindingconfig. Other settings are the same as on the server.
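
The check described above ("whether the message is actually encrypted") can also be scripted instead of read by eye in Service Trace Viewer. The following Python sketch is an added example, not code from the original article: it classifies the SOAP Body of each MessageLogTraceRecord in a .svclog. The sample records, the ListProducts element, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify_bodies(svclog_text):
    """Return (Source, state) per logged message: encrypted, negotiation, plaintext or empty."""
    # A .svclog is a run of <E2ETraceEvent> fragments with no root element; add one.
    root = ET.fromstring("<log>" + svclog_text + "</log>")
    out = []
    for rec in root.iter():
        if local(rec.tag) != "MessageLogTraceRecord":
            continue
        body = next((e for e in rec.iter() if local(e.tag) == "Body"), None)
        if body is None:
            continue
        kids = list(body)
        if not kids:
            state = "empty"
        elif all(k.tag == XENC_DATA for k in kids):
            state = "encrypted"
        elif all(local(k.tag).startswith("RequestSecurityToken") for k in kids):
            state = "negotiation"  # WS-Trust handshake, not application data
        else:
            state = "plaintext"
        out.append((rec.get("Source"), state))
    return out

def plaintext_at_transport(svclog_text):
    """Sources of transport-level records whose application body was readable."""
    return [s for s, st in classify_bodies(svclog_text)
            if s and s.startswith("Transport") and st == "plaintext"]

# Constructed sample records (not a real capture).
ENVELOPE = ('<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">'
            '<ApplicationData><TraceData><DataItem><MessageLogTraceRecord Source="%s" '
            'xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">'
            '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>%s</s:Body>'
            '</s:Envelope></MessageLogTraceRecord></DataItem></TraceData></ApplicationData>'
            '</E2ETraceEvent>')
CIPHER = ('<e:EncryptedData xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:CipherData>'
          '<e:CipherValue>Q09OU1RSVUNURUQ=</e:CipherValue></e:CipherData></e:EncryptedData>')
CLEAR = '<ListProducts xmlns="http://example.test/constructed"/>'
SAMPLE = ENVELOPE % ("TransportReceive", CIPHER) + ENVELOPE % ("ServiceLevelReceiveRequest", CLEAR)
UNPROTECTED = ENVELOPE % ("TransportReceive", CLEAR)  # what an unencrypted binding would log

if __name__ == "__main__":
    print(classify_bodies(SAMPLE))
    print(plaintext_at_transport(UNPROTECTED))
```

Service-level records are written after decryption, so a plaintext body there is expected; only a plaintext body in a Transport* record means the message was not encrypted. Because logMessagesAtServiceLevel puts decrypted message contents on disk, restrict access to the .svclog file.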
