禁用从服务到客户端的消息签名
disable message signing from service to client
如何禁用从服务到客户端的消息签名?
我正在使用带有 Message 安全模式和 Certificates 作为凭据类型的 basicHttpBinding。
我有一个可行的解决方案,但它在两个方向上都使用证书签名;我只想要求客户端 -> 服务这一个方向的签名。该如何实现?这可能吗?
我的用例很简单:基本上我不想要求客户端指定服务证书,客户端只需提供自己的证书,我只在自定义证书验证器中检查该证书是否已注册并启用……
服务配置
<!-- Service-side WCF configuration: one basicHttpBinding endpoint with message-level security and certificate client credentials, plus a metadata endpoint. -->
<system.serviceModel>
  <services>
    <service name="MyApp.Service" behaviorConfiguration="MyApp.ServiceBehavior">
      <!-- Application endpoint; its security settings come from the "CustomBinding" binding configuration below. -->
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="CustomBinding" contract="MyApp.IService">
        <!-- DNS identity declared for this endpoint; the client configuration expects the same value. -->
        <identity>
          <dns value="SebastianServer" />
        </identity>
      </endpoint>
      <!-- Metadata exchange endpoint. NOTE(review): mexHttpBinding applies no security, so the contract metadata is readable by anyone who can reach the address; consider removing it outside development. -->
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyApp.ServiceBehavior">
        <serviceCredentials>
          <!-- Certificate the service presents, selected by thumbprint from the CurrentUser\My store. The account that runs the service needs access to the private key. -->
          <serviceCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <clientCertificate>
            <!-- Previous setting, left disabled by the author: -->
            <!--<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />-->
            <!-- Custom mode hands the accept/reject decision for client certificates to MyApp.CustomValidator (its code is not shown). NOTE(review): in this mode the built-in peer/chain trust checks are presumably not applied, so the validator should itself cover validity period and revocation as well as the registered/enabled lookup; confirm in its code. -->
            <authentication certificateValidationMode="Custom" customCertificateValidatorType="MyApp.CustomValidator, MyApp" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <basicHttpBinding>
      <binding name="CustomBinding">
        <!-- Message mode: protection is applied to the SOAP message itself rather than to the HTTP transport. As the question states, this setup uses certificates in both directions. -->
        <security mode="Message">
          <!-- Clients authenticate with an X.509 certificate. -->
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>
客户端配置
<!-- Client-side WCF configuration: presents a client certificate and pins the service certificate by thumbprint. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="certificateEndpoint">
        <clientCredentials>
          <!-- Certificate the client presents to the service, selected by thumbprint from the CurrentUser\My store. -->
          <clientCertificate findValue="f2ba8e5a7531df7097117661d966d1f14fccb360" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <serviceCertificate>
            <!-- How the client validates the service certificate. NOTE(review): revocationMode="NoCheck" means a revoked service certificate is still accepted; acceptable for a development certificate, but Online or Offline checking is the safer choice elsewhere. -->
            <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
            <!-- Service certificate the client expects; this thumbprint is the same one the service configuration uses for its serviceCertificate. This is the entry the question wants clients not to have to supply. -->
            <defaultCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpBinding_IService">
        <!-- Message mode, matching the service binding: the SOAP message is protected, not the HTTP connection. -->
        <security mode="Message">
          <!-- NOTE(review): presumably without effect while mode is "Message"; confirm before relying on it. -->
          <transport clientCredentialType="None" />
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <!-- Plain-HTTP address: confidentiality and integrity rest entirely on the message security layer configured above. -->
    <endpoint
        name="BasicHttpBinding_IService"
        address="http://localhost:5129/Service.svc"
        binding="basicHttpBinding"
        bindingConfiguration="BasicHttpBinding_IService"
        behaviorConfiguration="certificateEndpoint"
        contract="MyAppService.IService">
      <!-- Identity the client expects the service to have; it matches the DNS value declared on the service endpoint. -->
      <identity>
        <dns value="SebastianServer" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
可以通过自定义绑定(customBinding)实现。注意:服务不再对响应签名后,客户端将无法验证响应确实来自该服务且未被篡改。
如何禁用从服务到客户端的消息签名? 我正在使用带有 Message 安全模式和 Certificates 作为凭据类型的 basicHttpBinding。
我有一个可行的解决方案,但它在两个方向上都使用证书签名;我只想要求客户端 -> 服务这一个方向的签名。该如何实现?这可能吗? 我的用例很简单:基本上我不想要求客户端指定服务证书,客户端只需提供自己的证书,我只在自定义证书验证器中检查该证书是否已注册并启用……
服务配置
<!-- Service-side WCF configuration: one basicHttpBinding endpoint with message-level security and certificate client credentials, plus a metadata endpoint. -->
<system.serviceModel>
  <services>
    <service name="MyApp.Service" behaviorConfiguration="MyApp.ServiceBehavior">
      <!-- Application endpoint; its security settings come from the "CustomBinding" binding configuration below. -->
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="CustomBinding" contract="MyApp.IService">
        <!-- DNS identity declared for this endpoint; the client configuration expects the same value. -->
        <identity>
          <dns value="SebastianServer" />
        </identity>
      </endpoint>
      <!-- Metadata exchange endpoint. NOTE(review): mexHttpBinding applies no security, so the contract metadata is readable by anyone who can reach the address; consider removing it outside development. -->
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyApp.ServiceBehavior">
        <serviceCredentials>
          <!-- Certificate the service presents, selected by thumbprint from the CurrentUser\My store. The account that runs the service needs access to the private key. -->
          <serviceCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <clientCertificate>
            <!-- Previous setting, left disabled by the author: -->
            <!--<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />-->
            <!-- Custom mode hands the accept/reject decision for client certificates to MyApp.CustomValidator (its code is not shown). NOTE(review): in this mode the built-in peer/chain trust checks are presumably not applied, so the validator should itself cover validity period and revocation as well as the registered/enabled lookup; confirm in its code. -->
            <authentication certificateValidationMode="Custom" customCertificateValidatorType="MyApp.CustomValidator, MyApp" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <basicHttpBinding>
      <binding name="CustomBinding">
        <!-- Message mode: protection is applied to the SOAP message itself rather than to the HTTP transport. As the question states, this setup uses certificates in both directions. -->
        <security mode="Message">
          <!-- Clients authenticate with an X.509 certificate. -->
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>
客户端配置
<!-- Client-side WCF configuration: presents a client certificate and pins the service certificate by thumbprint. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="certificateEndpoint">
        <clientCredentials>
          <!-- Certificate the client presents to the service, selected by thumbprint from the CurrentUser\My store. -->
          <clientCertificate findValue="f2ba8e5a7531df7097117661d966d1f14fccb360" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          <serviceCertificate>
            <!-- How the client validates the service certificate. NOTE(review): revocationMode="NoCheck" means a revoked service certificate is still accepted; acceptable for a development certificate, but Online or Offline checking is the safer choice elsewhere. -->
            <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
            <!-- Service certificate the client expects; this thumbprint is the same one the service configuration uses for its serviceCertificate. This is the entry the question wants clients not to have to supply. -->
            <defaultCertificate findValue="052026af9ea372c95b63acc3fb9f36859931f205" x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpBinding_IService">
        <!-- Message mode, matching the service binding: the SOAP message is protected, not the HTTP connection. -->
        <security mode="Message">
          <!-- NOTE(review): presumably without effect while mode is "Message"; confirm before relying on it. -->
          <transport clientCredentialType="None" />
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <!-- Plain-HTTP address: confidentiality and integrity rest entirely on the message security layer configured above. -->
    <endpoint
        name="BasicHttpBinding_IService"
        address="http://localhost:5129/Service.svc"
        binding="basicHttpBinding"
        bindingConfiguration="BasicHttpBinding_IService"
        behaviorConfiguration="certificateEndpoint"
        contract="MyAppService.IService">
      <!-- Identity the client expects the service to have; it matches the DNS value declared on the service endpoint. -->
      <identity>
        <dns value="SebastianServer" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
可以通过自定义绑定(customBinding)实现。注意:服务不再对响应签名后,客户端将无法验证响应确实来自该服务且未被篡改。