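I have two questions about the security mode for mutual SSL.
I've browsed some websites, for example:
2. https://www.codeproject.com/Articles/348595/Use-Mutual-SSL-Authentication-in-WCF
In all the binding configurations, I noticed that the security mode is always set to 'Transport'.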
<bindings>
  <wsHttpBinding>
    <!-- configure wsHttp binding with Transport security mode and clientCredentialType as Certificate -->
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
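What I'd like to know about this is whether it is possible to use other types of security mode, such as 'Message' or 'TransportWithMessageCredential'. If so, why?
Also, if it is possible, does the client have to change its security mode to the same one as the server side?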
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="serviceCredentialBehavior">
        <serviceCredentials>
          <serviceCertificate findValue="Contoso.com"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service behaviorConfiguration="serviceCredentialBehavior"
             name="ServiceModel.Calculator">
      <endpoint address="http://localhost/Calculator"
                binding="wsHttpBinding"
                bindingConfiguration="InteropCertificateBinding"
                name="WSHttpBinding_ICalculator"
                contract="ServiceModel.ICalculator" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="InteropCertificateBinding">
        <security mode="Message">
          <message clientCredentialType="Certificate"
                   negotiateServiceCredential="false"
                   establishSecurityContext="false" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>
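This also applies to the TransportWithMessageCredential security mode. Whenever the security mode is Transport security mode, the certificate needs to be bound to a specific port. In addition, the binding configuration should be consistent between the client and the server side, just as the service contract is shared between the client and the server side. Feel free to let me know if there is anything I can help with.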
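For reference, a client-side configuration that mirrors the Message-mode service binding in the answer above. This is an added example, not part of the original answer; the client certificate subject name `client.example`, the store locations, and the assumption that the service certificate was installed on the client out of band are all hypothetical.

```xml
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="clientCredentialBehavior">
        <clientCredentials>
          <!-- Certificate the client presents (subject name is a placeholder) -->
          <clientCertificate findValue="client.example"
                             storeLocation="CurrentUser"
                             storeName="My"
                             x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <!-- negotiateServiceCredential="false" means the service certificate
                 is not sent during a handshake, so the client needs a local copy -->
            <defaultCertificate findValue="Contoso.com"
                                storeLocation="CurrentUser"
                                storeName="TrustedPeople"
                                x509FindType="FindBySubjectName" />
            <!-- Validate the service certificate chain and check revocation -->
            <authentication certificateValidationMode="ChainTrust"
                            revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <!-- Same security settings as the service-side binding -->
      <binding name="InteropCertificateBinding">
        <security mode="Message">
          <message clientCredentialType="Certificate"
                   negotiateServiceCredential="false"
                   establishSecurityContext="false" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://localhost/Calculator"
              binding="wsHttpBinding"
              bindingConfiguration="InteropCertificateBinding"
              behaviorConfiguration="clientCredentialBehavior"
              contract="ServiceModel.ICalculator"
              name="WSHttpBinding_ICalculator">
      <identity>
        <!-- Expected DNS identity of the service certificate -->
        <dns value="Contoso.com" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```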