WCF basicHttpBinding之Transport Security Mode, clientCredentialType="None"

原创地址：http://www.cnblogs.com/jfzhu/p/4071342.html                                                                                        

转载请注明出处

前面文章介绍了《WCF basicHttpBinding之Message Security Mode》如何basicHttpBinding的Message Security Mode，并且clientCredentialType用的是certificate。

本文演示basicHttpbinding使用Transport Security Mode，并且clientCredentialType="None"。

（一）WCF 服务代码与配置文件

IDemoService.cs

using System.ServiceModel;

namespace WCFDemo 
{    
    [ServiceContract(Name = "IDemoService")] 
    public interface IDemoService 
    { 
        [OperationContract] 
        [FaultContract(typeof(DivideByZeroFault))] 
        int Divide(int numerator, int denominator); 
    } 
}

DemoService.cs

using System; 
using System.ServiceModel; 
using System.ServiceModel.Activation;

namespace WCFDemo 
{ 
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] 
    public class DemoService : IDemoService 
    { 
        public int Divide(int numerator, int denominator) 
        { 
            try 
            { 
                return numerator / denominator; 
            } 
            catch (DivideByZeroException ex) 
            { 
                DivideByZeroFault fault = new DivideByZeroFault(); 
                fault.Error = ex.Message; 
                fault.Detail = "Denominator cannot be ZERO!"; 
                throw new FaultException<DivideByZeroFault>(fault); 
            }           
        } 
    } 
}

完整的代码也可以参见《WCF服务创建与抛出强类型SOAP Fault》。

server web.config

<?xml version="1.0"?> 
<configuration> 
    <system.web> 
      <compilation debug="true" targetFramework="4.0" /> 
    </system.web> 
    <system.serviceModel> 
      <bindings> 
        <basicHttpBinding> 
          <binding name="basicBinding"> 
            <security mode="Transport"> 
              <transport clientCredentialType="None" /> 
            </security> 
          </binding> 
        </basicHttpBinding> 
      </bindings> 
      <services> 
        <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior"> 
          <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />          
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint> 
        </service> 
      </services> 
        <behaviors> 
            <serviceBehaviors> 
                <behavior name="CustomBehavior"> 
                    <serviceMetadata httpsGetEnabled="true" /> 
                    <serviceDebug includeExceptionDetailInFaults="false" />                    
                </behavior> 
            </serviceBehaviors> 
        </behaviors> 
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    </system.serviceModel> 
</configuration> 

（二）为WCF Service application添加一个https binding。

具体作法参见《Step by Step 配置使用HTTPS的ASP.NET Web应用》。

配置完https binding之后，双击SSL Settings

勾选Require SSL，点击Apply。

Http的Binding还是不可缺少，否则会出现下面的错误

（三）在客户端安装SSL根证书

由于https证书使用的是

所以我们使用的WCF Service URL为 https://win-ounm08eqe64.henry.huang/DemoService.svc

在客户端，为C:WindowsSystem32Driversetchost 添加一条记录

然后安装根证书

双击根证书文件，弹出证书属性的对话框，此时该根证书并不受信任，我们需要将其加入“受信任的根证书颁发机构”，点击安装证书

（四）客户端代码与配置文件

在客户端Visual Studio添加Service Reference

private void buttonCalculate_Click(object sender, EventArgs e) 
{ 
    try 
    { 
        textBoxResult.Text = demoServiceClient.Divide(Convert.ToInt32(textBoxNumerator.Text), Convert.ToInt32(textBoxDenominator.Text)).ToString(); 
    } 
    catch (FaultException<DemoServiceReference.DivideByZeroFault> fault) 
    { 
        MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail); 
    } 
}

client app.config

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
    <system.serviceModel> 
        <bindings> 
            <basicHttpBinding> 
                <binding name="BasicHttpBinding_IDemoService"> 
                    <security mode="Transport" /> 
                </binding> 
            </basicHttpBinding> 
        </bindings> 
        <client> 
            <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService" 
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDemoService" 
                contract="DemoServiceReference.IDemoService" name="BasicHttpBinding_IDemoService" /> 
        </client> 
    </system.serviceModel> 
</configuration>

（五）运行代码，监听Message

使用Fiddler，发现消息全部加密

但是如果用Microsoft Service Trace Viewer查看Message Log（参见《使用WCF的Trace与Message Log功能 》），可以看到解密后的信息，因为它不是在wire上监听，而Fiddler是在wire上进行监听。

Request:

Response:

（六）总结

Transport Security Mode是传输协议级的加密，而Message Security Mode是对消息级别的加密。每种协议都有自己对应的传输协议级的加密方式，比如HTTP的加密方式就为SSL。