When netTcpBinding uses Message security mode with UserName authentication, must messages be signed and encrypted?

  • Question

  •       <netTcpBinding>
            <binding maxBufferSize="6553600" maxReceivedMessageSize="6553600">
              <readerQuotas maxStringContentLength="6553600" />
              <security mode="Message">
                <transport protectionLevel="None" />
                <message clientCredentialType="UserName" />
              </security>
            </binding>
          </netTcpBinding>

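    With this configuration, the service contract's protection level seems to default to EncryptAndSign, and performance drops noticeably with larger strings (tens of KB). I tried changing ProtectionLevel to None or Sign in the service contract, and got the error "主签名必须加密" ("The primary signature must be encrypted"). Is EncryptAndSign required?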


    韩立学

    August 1, 2016 3:44

Answer

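  • Hi,

    How did you create your service? Following the steps below, I was able to set ProtectionLevel to None with netTcpBinding security mode Message and UserName.

    The specific steps are as follows:

    1.      Create the Service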

        <system.serviceModel>
            <behaviors>
                <serviceBehaviors>
                  <behavior name="netBehavior">
                    <serviceCredentials>
                      <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                    </serviceCredentials>
                    <serviceMetadata httpGetEnabled="false"/>
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                  </behavior>
                </serviceBehaviors>
            </behaviors>
            <services>
                <service name="WCFProtectionHost.Service1" behaviorConfiguration="netBehavior">
                  <endpoint address="nettcp"  binding="netTcpBinding" bindingConfiguration="netBinding" contract="WCFProtectionHost.IService1"></endpoint>
                    <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" />
                    <host>
                        <baseAddresses>
                          <add baseAddress="net.tcp://localhost:8733/WCFProtectionHost"/>
                        </baseAddresses>
                    </host>
                </service>
            </services>
          <bindings>
            <netTcpBinding>
              <binding name="netBinding">
                <security mode="Message">
                  <message clientCredentialType="UserName"/>
                  <transport protectionLevel="None"></transport>
                </security>
              </binding>
            </netTcpBinding>
          </bindings>
        </system.serviceModel>

    2.      Start the Service

                ServiceHost host = new ServiceHost(typeof(Service1));
                host.Open();
                Console.WriteLine("Service is open");
                Console.ReadLine();

    3.      Client-side app.config

        <system.serviceModel>
            <bindings>
                <netTcpBinding>
                    <binding name="NetTcpBinding_IService11">
                        <security mode="Message">
                            <message clientCredentialType="UserName" />
                        </security>
                    </binding>
                </netTcpBinding>
            </bindings>
            <client>
                <endpoint address="net.tcp://localhost:8733/WCFProtectionHost/nettcp"
                    binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IService11"
                    contract="ServiceReference2.IService1" name="NetTcpBinding_IService1">
                    <identity>
                        <certificate encodedValue="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" />
                    </identity>
                </endpoint>
            </client>
        </system.serviceModel>

    4.      Client-side code

                Service1Client client = new Service1Client("NetTcpBinding_IService1");
                client.ClientCredentials.UserName.UserName = "xxx";
                client.ClientCredentials.UserName.Password = "xx";
                client.DoWork();
                Console.WriteLine("Do Work is ok");
                Console.ReadLine();

    Best Regards,

    Edward




    August 2, 2016 1:50
    Moderator
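
The thread turns on which ProtectionLevel each message actually gets, so the following added example (not code from either poster) shows how the level is declared on a contract and how a host can list every message that would not be encrypted under netTcpBinding Message security. `IAuditedService` and `ProtectionAudit` are hypothetical names; the code assumes that an undeclared level on a security-enabled binding is treated as EncryptAndSign.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Description;

[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IAuditedService   // hypothetical contract, not the thread's IService1
{
    [OperationContract]                                          // inherits EncryptAndSign
    void DoWork();

    [OperationContract(ProtectionLevel = ProtectionLevel.Sign)]  // signed, body not encrypted
    string GetLargeText();
}

public static class ProtectionAudit
{
    // Assumption: level applied when nothing is declared and the binding has security enabled.
    const ProtectionLevel BindingDefault = ProtectionLevel.EncryptAndSign;

    // A message-level setting overrides the operation, which overrides the contract.
    static ProtectionLevel Effective(ContractDescription c, OperationDescription o, MessageDescription m)
    {
        if (m.HasProtectionLevel) return m.ProtectionLevel;
        if (o.HasProtectionLevel) return o.ProtectionLevel;
        return c.HasProtectionLevel ? c.ProtectionLevel : BindingDefault;
    }

    // Call after constructing the host and before host.Open().
    // Returns the number of messages on Message-mode netTcpBinding endpoints sent unencrypted.
    public static int Report(ServiceHostBase host)
    {
        int weak = 0;
        foreach (ServiceEndpoint ep in host.Description.Endpoints)
        {
            var tcp = ep.Binding as NetTcpBinding;   // skips mex and other bindings
            if (tcp == null || tcp.Security.Mode != SecurityMode.Message) continue;
            foreach (OperationDescription op in ep.Contract.Operations)
                foreach (MessageDescription msg in op.Messages)
                {
                    ProtectionLevel level = Effective(ep.Contract, op, msg);
                    if (level == ProtectionLevel.EncryptAndSign) continue;
                    weak++;
                    Console.WriteLine("{0} {1}.{2} [{3}]: {4}", ep.Address.Uri,
                        ep.Contract.Name, op.Name, msg.Direction, level);
                }
        }
        return weak;
    }
}
```

Calling `ProtectionAudit.Report(host)` just before `host.Open()` in the hosting code gives a deployment check that fails loudly when a contract change lowers protection below EncryptAndSign.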