我正在尝试创建使用 STS IssuedToken 保护的 WCF .NET 服务。 STS 由 X509 保护。
我用.NET框架开发了一个客户端,它可以工作。
我在网上进行了研究,发现.NET Core 中尚不支持 WCF 消息安全。
我的
app.config
是
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.diagnostics>
</system.diagnostics>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCert">
<clientCredentials>
<clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=XXX, OU=TNB, O=TNB, L=XX, S=XX, C=TR"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="contextSoap12Binding">
<textMessageEncoding messageVersion="Soap11"/>
<security authenticationMode="IssuedTokenOverTransport" securityHeaderLayout="Lax" includeTimestamp="true">
<secureConversationBootstrap enableUnsecuredResponse="false" requireSecurityContextCancellation="false"/>
<issuedTokenParameters keyType="SymmetricKey" tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
<claimTypeRequirements>
<add claimType="http://wso2.org/claims/userid"/>
<add claimType="http://wso2.org/claims/cn"/>
</claimTypeRequirements>
<issuer address="https://XXXX/services/wso2carbon-sts" binding="customBinding" bindingConfiguration="StsBinding"/>
<issuerMetadata address="https://XXXX/services/wso2carbon-sts?wsdl"/>
</issuedTokenParameters>
</security>
<context contextManagementEnabled="false"/>
<httpsTransport maxReceivedMessageSize="104857600" requireClientCertificate="true"/>
</binding>
<binding name="StsBinding">
<textMessageEncoding messageVersion="Default"/>
<security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport" securityHeaderLayout="Lax" includeTimestamp="true" keyEntropyMode="ServerEntropy"/>
<httpsTransport authenticationScheme="Basic" requireClientCertificate="true"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://XXXXX/services/Secured" binding="customBinding" bindingConfiguration="contextSoap12Binding" contract="GuvenliOdemeServis.Servis" name="ServisSoap11" behaviorConfiguration="ClientCert"/>
</client>
</system.serviceModel>
</configuration>
static void Main(string[] args)
{
var cert = new X509Certificate2(@"XXX.pfx", "123");
using (var svc = new ServisClient())
{
svc.ClientCredentials.UserName.UserName = username;
svc.ClientCredentials.UserName.Password = password;
svc.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var resp = svc.EOdemeSaticiKaydet(req);
}
}
我想知道是否有人找到了通过.NET Core 连接到 WCF 服务的方法。
谢谢您的帮助
在.NET core中,WCF不再适用,被CoreWCF取代。它是WCF到.NET core的一个端口。如果你想在.NET core上使用WCF,则需要使用CoreWCF。
现在 CoreWCF 仅支持带有 TransportWithMessageCredentials 的 x509 证书,而不支持完整的消息安全性。它可能会满足您的某些需求,但可能无法满足您的全部需求。但好消息是它仍在更新中。
您可以查看以下两个链接以获取更多信息: