Step 5:
WCF security mechanisms (continued).
Protecting an HTTP service at the transport level
1. In the ProductsServiceHost project, right-click app.config and choose "Edit WCF Configuration". Create a binding configuration of type basicHttpBinding, named ProductsServiceBasicHttpBindingConfig, with Mode set to Transport.
Set the BindingConfiguration of the endpoint BasicHttpBinding_IProductsService to ProductsServiceBasicHttpBindingConfig.
<basicHttpBinding>
    <binding name="ProductsServiceBasicHttpBindingConfig">
        <security mode="Transport" />
    </binding>
</basicHttpBinding>
......
<endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
          binding="basicHttpBinding" bindingConfiguration="ProductsServiceBasicHttpBindingConfig"
          name="BasicHttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
2. Make the equivalent settings in the app.config of the ProductsClient client project
<binding name="ProductsClientBasicHttpBindingConfig">
    <security mode="Transport" />
</binding>
......
<endpoint address="https://192.168.1.101:8000/ProductsService/ProductsService.svc"
          binding="basicHttpBinding" bindingConfiguration="ProductsClientBasicHttpBindingConfig"
          contract="ProductsService.IProductsService" name="BasicHttpBinding_IProductsService" />
The next, more important, part is setting up a WCF HTTP endpoint with an SSL certificate
1. Open the Visual Studio Command Prompt (2010) as administrator and enter at the prompt
makecert -sr LocalMachine -ss My -n CN=HTTPS-Server -sky exchange -sk HTTPS-Key
2. Once the prompt prints Succeeded, enter mmc. In the console choose File -> Add or Remove Snap-ins; under the available snap-ins select Certificates -> Add -> Computer account -> Next -> Finish. You can then see the certificate generated above.
3. Double-click HTTPS-Server, then Details -> Thumbprint. Copy its hexadecimal value.
4. Bind the SSL certificate to the HTTP endpoint
netsh http add sslcert ipport=192.168.1.101:8000 certhash=a225882af2048f404a5bf235290f516fea7836f3 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
(Note: the IP address in ipport is your own machine's IP address; 127.0.0.1 also works. However, the endpoint addresses on both the service and the client side must then use this same IP address, not localhost.)
5. Create the class PermissiveCertificatePolicy
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace ProductsClient
{
    // Installs a process-wide callback so the client accepts the self-signed
    // HTTPS-Server certificate from step 1, which no trusted root issued and
    // whose subject does not match the IP address used in the endpoint address.
    class PermissiveCertificatePolicy
    {
        string subjectName;
        // Kept in a static field so the policy instance lives as long as the process.
        static PermissiveCertificatePolicy currentPolicy;

        PermissiveCertificatePolicy(string subjectName)
        {
            this.subjectName = subjectName;
            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(RemoteCertValidate);
        }

        public static void Enact(string subjectName)
        {
            currentPolicy = new PermissiveCertificatePolicy(subjectName);
        }

        // Decides purely on the certificate's subject name; the chain and
        // name-mismatch errors reported in 'error' are not examined.
        bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
        {
            if (cert.Subject == subjectName)
            {
                return true;
            }
            return false;
        }
    }
}
6. Client
static void Main(string[] args)
{
    Console.WriteLine("Press ENTER when the service has started");
    Console.ReadLine();
    // Install the certificate policy before creating the proxy, so the HTTPS handshake uses it,
    // then create a proxy object and connect to the service
    PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");
    ......
}
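The subject-name check above accepts any certificate whose Subject reads CN=HTTPS-Server, whoever issued it, and never looks at the SslPolicyErrors it is handed. The following variant, an added example that is not part of the original post, instead pins the thumbprint copied in step 3 (PinnedCertificatePolicy is an assumed class name and the thumbprint constant is a placeholder to fill in):

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace ProductsClient
{
    // Added example (not from the original post): accept the development certificate
    // only when its thumbprint equals the value copied from the certificate's
    // Thumbprint field in step 3, rather than trusting any certificate whose
    // Subject happens to be CN=HTTPS-Server.
    static class PinnedCertificatePolicy
    {
        // Placeholder: paste the hexadecimal thumbprint of HTTPS-Server here.
        const string PinnedThumbprint = "<THUMBPRINT-FROM-STEP-3>";

        // Like PermissiveCertificatePolicy.Enact, this is process-wide: it applies to
        // every HTTPS connection this client makes through ServicePointManager.
        public static void Enact()
        {
            ServicePointManager.ServerCertificateValidationCallback = Validate;
        }

        static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
        {
            // A certificate the machine already trusts, with a matching name, passes as usual.
            if (errors == SslPolicyErrors.None)
                return true;

            // No certificate at all is never acceptable.
            if (cert == null || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
                return false;

            // The remaining errors are RemoteCertificateChainErrors (self-signed makecert
            // certificate) and RemoteCertificateNameMismatch (the endpoint address is an
            // IP while the CN is HTTPS-Server). Both are expected in this setup, so the
            // decision rests solely on whether this is the exact certificate bound with netsh.
            string actual = new X509Certificate2(cert).Thumbprint;
            string expected = PinnedThumbprint.Replace(" ", "");
            return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Call PinnedCertificatePolicy.Enact() where step 6 calls PermissiveCertificatePolicy.Enact. The certhash passed to netsh in step 4 is the same thumbprint, so the two values must agree.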
Protecting an HTTP service at the message level (using WS2007HttpBinding)
1. Add a WS2007HttpBinding_IProductsService endpoint
<endpoint address="http://localhost:8010/ProductsService/Service.svc"
          binding="ws2007HttpBinding"
          name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
2. In the Visual Studio Command Prompt (2010), enter netsh http add urlacl url=http://localhost:8010/ProductsService user=UserName
3. Configure the endpoint on the client
<endpoint address="http://localhost:8010/ProductsService/Service.svc"
          binding="ws2007HttpBinding"
          name="WS2007HttpBinding_IProductsService" contract="ProductsServiceLibrary.IProductsService" />
4. Client
static void Main(string[] args)
{
    ...
    // The endpoint name selects the ws2007HttpBinding endpoint configured in step 3
    using (ProductsServiceClient proxy = new ProductsServiceClient("WS2007HttpBinding_IProductsService"))
    {
        // Test the operations in the service
        ...
    }
}
Authorizing Windows users within a Windows domain (using basicHttpBinding)
1. This example builds on the code from "Protecting an HTTP service at the transport level" above. Modify the ProductsServiceLibrary project and add references to the PresentationFramework, PresentationCore, System.Xaml and WindowsBase assemblies.
using System.Collections.Generic;
using System.Threading;
using System.Windows;       // MessageBox and MessageBoxButton, from PresentationFramework
using FizzWare.NBuilder;    // Builder<T>; assumed to be the NBuilder library

public class ProductsServiceImpl : IProductsService
{
    static IList<tblProduct> ps = Builder<tblProduct>.CreateListOfSize(50).Build();
    static IList<tblProductInventory> pis = Builder<tblProductInventory>.CreateListOfSize(50).Build();

    public List<string> ListProducts()
    {
        // With transport client credentials enabled, WCF sets the thread principal to the authenticated caller
        string userName = Thread.CurrentPrincipal.Identity.Name;
        MessageBox.Show(string.Format("Username is {0}", userName), "ProductsService Authentication", MessageBoxButton.OK);
        .......
    }
}
2. In the ProductsServiceHost project's configuration file, set TransportClientCredentialType of ProductsServiceBasicHttpBindingConfig to Basic (or Windows); in the ProductsClient project's configuration file, set TransportClientCredentialType of ProductsClientBasicHttpBindingConfig to Basic (or Windows).
static void Main(string[] args)
{
    Console.WriteLine("Press ENTER when the service has started");
    Console.ReadLine();
    // Create a proxy object and connect to the service
    PermissiveCertificatePolicy.Enact("CN=HTTPS-Server");
    using (ProductsServiceClient proxy = new ProductsServiceClient("BasicHttpBinding_IProductsService"))
    {
        try
        {
            // Credentials the transport sends over the HTTPS channel for Basic/Windows authentication
            proxy.ClientCredentials.UserName.UserName = "workgroup\\ls";
            proxy.ClientCredentials.UserName.Password = "911";
            ........
        }
        ........
    }
}
Use a UserName and Password valid on your own machine.
Result: