1. Transfer Security
Transfer security has three main aspects: message integrity, message confidentiality, and mutual authentication.
Message integrity ensures that a message is not tampered with in transit and that the received message is complete and correct. Message confidentiality ensures that no third party can read the message and that its content is not disclosed to anyone unrelated. Mutual authentication means that the client and server need some trust mechanism in order to establish the correct connection; it also helps detect and block denial-of-service (DoS) attacks. The common practice is to digitally sign messages to guarantee their integrity, to use asymmetric encryption to protect message content, and to use a user name/password or an X.509 digital certificate to verify the identity of the other party. The previous post mainly described the user name/password authentication method in WCF.
2. X.509 digital certificate verification
In the previous post we described how to verify identity with a user name and password: http://www.cnblogs.com/liujiang/archive/2008/11/21/1338384.html. Now let's look at how to validate with X.509 certificates. First, some background on the technology. X.509 is a digital certificate standard established by the International Telecommunication Union (ITU-T); it is an authentication and key-management scheme built on a public-key system. A user who holds a certificate has two keys: one is called the public key, the other the private key. The private key is highly confidential and in general known only to its owner, while the public key is available to other users. For example, suppose our server has a digital certificate, temp. We can encrypt a message with the server's public key and send it to the server, which then decrypts it with its private key. A message encrypted with the public key can normally only be decrypted with the private key, which shows how important it is to keep the private key secret. In the WCF user name/password method, the public key is what encrypts the user name and password.

Now let's look at using the X.509 authentication method in WCF. If no security processing is done between the WCF server and client (that is, the server is configured with <security mode="None">), all messages are transmitted in plaintext, which is unsafe on the Internet or an intranet. That is what a certificate is for. With the user name method, the service usually has to read the user name/password from the database on every call to verify it, which is cumbersome and expensive. So we can use the X.509 method to verify instead. Below we use a demo to illustrate the X.509 authentication method. Run the following at the Visual Studio 2008 command prompt:
makecert -r -pe -n "CN=client" -ss My -sky exchange

This generates the client certificate that the server will verify. The following figure shows the result.
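As an added example (not code from the original post), here is how the certificate made with makecert is wired into WCF in code, with the plaintext binding the post warns about next to the certificate-based one. The contract IEchoService/EchoService, the address, and a second certificate with subject "server" in the same My store are assumptions made for this demo.

```csharp
// Added example, not the original post's code. Assumes makecert was also run
// with -n "CN=server" so both "client" and "server" exist in CurrentUser\My.
using System;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;

[ServiceContract] public interface IEchoService { [OperationContract] string Echo(string s); }
public class EchoService : IEchoService { public string Echo(string s) { return s; } }

static class Demo
{
    // The weak setting described above: security mode "None", everything in plaintext.
    static WSHttpBinding PlaintextBinding()
    {
        var b = new WSHttpBinding();
        b.Security.Mode = SecurityMode.None;
        return b;
    }

    // Corrected setting: message security, caller must present an X.509 certificate.
    static WSHttpBinding CertificateBinding()
    {
        var b = new WSHttpBinding();
        b.Security.Mode = SecurityMode.Message;
        b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return b;
    }

    static void Main()
    {
        var uri = new Uri("http://localhost:8000/echo"); // hypothetical address
        var host = new ServiceHost(typeof(EchoService), uri);
        host.AddServiceEndpoint(typeof(IEchoService), CertificateBinding(), "");
        // The server's private key decrypts what clients encrypt with its public key.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "server");
        // makecert -r certificates are self-signed, so chain validation would reject them;
        // PeerTrust accepts only certificates explicitly placed in the TrustedPeople store.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerTrust;
        host.Open();

        var factory = new ChannelFactory<IEchoService>(CertificateBinding(),
            new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity("server")));
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "client");
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerTrust;
        Console.WriteLine(factory.CreateChannel().Echo("hello"));
        host.Close();
    }
}
```

PlaintextBinding is kept only for contrast and is never used for an endpoint; with PeerTrust, each side's certificate must be copied into the other side's TrustedPeople store before the call succeeds.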