

<message> of <basicHttpBinding>

Defines the message-level security settings of <basicHttpBinding>.

<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding>
          <security>
            <message>

Syntax

<message algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
         clientCredentialType="UserName/Certificate" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
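algorithmSuite Sets the message encryption and key-wrap algorithms. This attribute is of type SecurityAlgorithmSuite, which specifies the algorithms and the key sizes. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification. The default value is Basic256.
clientCredentialType Specifies the type of credential to be used when performing client authentication using message-based security. The default value is UserName.

clientCredentialType Attribute

Value Description
UserName - Requires that the client be authenticated to the server with a UserName credential. This credential needs to be specified using <clientCredentials>.
- WCF does not support sending a password digest or deriving keys from passwords and using such keys for message security. Therefore, WCF enforces that the transport is secured when using UserName credentials. For basicHttpBinding, this requires setting up an SSL channel.
Certificate Requires that the client be authenticated to the server using a certificate. The client credential in this case needs to be specified using <clientCredentials> and <clientCertificate>. In addition, when using message security mode, the client needs to be provisioned with the service certificate. The service credential in this case needs to be specified using the ClientCredentials class or the ClientCredentials behavior element, with the service certificate specified using <serviceCertificate>.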

Child Elements

None

Parent Elements

Element Description
<security> Defines the security capabilities of <basicHttpBinding>.

Example

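This example demonstrates how to implement an application that uses basicHttpBinding and message security. In the following configuration example for a service, the endpoint definition specifies basicHttpBinding and references a binding configuration named Binding1. The certificate that the service uses to authenticate itself to the client is set in the behaviors section of the configuration file, under the serviceCredentials element. The validation mode applied to the certificate that the client uses to authenticate itself to the service is also set in the behaviors section, under the clientCertificate element.

The same binding and security details are specified in the client configuration file.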

<system.serviceModel>
  <services>
    <service name="Microsoft.ServiceModel.Samples.CalculatorService"
             behaviorConfiguration="CalculatorServiceBehavior">
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:8000/ServiceModelSamples/service" />
        </baseAddresses>
      </host>
      <!-- this endpoint is exposed at the base address provided by host: http://localhost:8000/ServiceModelSamples/service -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="Binding1"
                contract="Microsoft.ServiceModel.Samples.ICalculator" />
      <!-- the mex endpoint is exposed at http://localhost:8000/ServiceModelSamples/service/mex -->
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <basicHttpBinding>
    <!-- This configuration defines the SecurityMode as Message and
         the clientCredentialType as Certificate. -->
      <binding name="Binding1">
        <security mode = "Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <!--For debugging purposes set the includeExceptionDetailInFaults attribute to true-->
  <behaviors>
    <serviceBehaviors>
      <behavior name="CalculatorServiceBehavior">
        <serviceMetadata httpGetEnabled="True" />
        <serviceDebug includeExceptionDetailInFaults="False" />
        <!-- The serviceCredentials behavior allows one to define a service certificate.
             A service certificate is used by a client to authenticate the service and provide message protection.
             This configuration references the "localhost" certificate installed during the setup instructions. -->
        <serviceCredentials>
          <serviceCertificate findValue="localhost"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
          <clientCertificate>
            <!-- Setting the certificateValidationMode to PeerOrChainTrust means that if the certificate
               is in the user's Trusted People store, then it will be trusted without performing a
               validation of the certificate's issuer chain. This setting is used here for convenience so that the
               sample can be run without having to have certificates issued by a certification authority (CA).
               This setting is less secure than the default, ChainTrust. The security implications of this
               setting should be carefully considered before using PeerOrChainTrust in production code. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
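
As an added example (not part of the original page or of the sample it documents), the following Python script audits a WCF configuration for the settings discussed above: it resolves each basicHttpBinding's effective algorithmSuite and clientCredentialType from the defaults documented here, then reports UserName credentials, a non-default certificateValidationMode, and enabled exception details. The audit function, its finding texts, and the Binding2 entry in the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's service config cut down to what the audit reads, plus a
# hypothetical "Binding2" that leaves both <message> attributes at their defaults.
SAMPLE_CONFIG = """
<system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="Binding1">
      <security mode="Message"><message clientCredentialType="Certificate" /></security>
    </binding>
    <binding name="Binding2">
      <security mode="TransportWithMessageCredential"><message /></security>
    </binding>
  </basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="CalculatorServiceBehavior">
    <serviceDebug includeExceptionDetailInFaults="False" />
    <serviceCredentials><clientCertificate>
      <authentication certificateValidationMode="PeerOrChainTrust" />
    </clientCertificate></serviceCredentials>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel>
"""

def audit(config_xml):
    """Return ({binding: (algorithmSuite, clientCredentialType)}, [findings])."""
    root = ET.fromstring(config_xml)
    settings, findings = {}, []
    for binding in root.iterfind(".//basicHttpBinding/binding"):
        msg = binding.find("security/message")
        if msg is None:
            continue
        name = binding.get("name", "(unnamed)")
        # Defaults stated on this page: Basic256 and UserName.
        suite = msg.get("algorithmSuite", "Basic256")
        cred = msg.get("clientCredentialType", "UserName")
        settings[name] = (suite, cred)
        if cred == "UserName":
            findings.append(f"{name}: UserName credential requires an SSL channel")
    for auth in root.iterfind(".//serviceCredentials/clientCertificate/authentication"):
        mode = auth.get("certificateValidationMode", "ChainTrust")
        if mode != "ChainTrust":
            findings.append(f"clientCertificate: certificateValidationMode={mode} (default is ChainTrust)")
    for dbg in root.iterfind(".//serviceDebug"):
        if dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append("serviceDebug: includeExceptionDetailInFaults=true is a debugging setting")
    return settings, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)[1]))
```

Run against the sample, it reports Binding2 (which silently inherits the UserName default) and the PeerOrChainTrust validation mode; Binding1 resolves to Basic256 with a Certificate credential.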
