서비스에 대한 WCF 기반 통신 보호
통신의 가장 중요한 측면 중 하나는 보안입니다. Reliable Services 애플리케이션 프레임워크는 보안을 향상시키는 데 사용할 수 있는 미리 빌드된 통신 스택 및 도구 몇 가지를 제공합니다. 이 아티클에서는 원격 서비스를 사용하는 경우 보안을 향상시키는 방법에 대해 설명합니다.
Reliable Services에 대한 WCF 기반 통신 스택을 설정하는 방법을 설명하는 기존 예제를 사용합니다. WCF 기반 통신 스택을 사용하는 경우 서비스를 보호하려면 다음 단계를 수행하세요.
서비스의 경우 만든 WCF 통신 수신기(
WcfCommunicationListener)를 보호해야 합니다. 이 작업을 수행하려면CreateServiceReplicaListeners메서드를 수정합니다.protected override IEnumerable<ServiceReplicaListener> CreateServiceReplicaListeners() { return new[] { new ServiceReplicaListener( this.CreateWcfCommunicationListener) }; } private WcfCommunicationListener<ICalculator> CreateWcfCommunicationListener(StatefulServiceContext context) { var wcfCommunicationListener = new WcfCommunicationListener<ICalculator>( serviceContext:context, wcfServiceObject:this, // For this example, we will be using NetTcpBinding. listenerBinding: GetNetTcpBinding(), endpointResourceName:"WcfServiceEndpoint"); // Add certificate details in the ServiceHost credentials. wcfCommunicationListener.ServiceHost.Credentials.ServiceCertificate.SetCertificate( StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "9DC906B169DC4FAFFD1697AC781E806790749D2F"); return wcfCommunicationListener; } private static NetTcpBinding GetNetTcpBinding() { NetTcpBinding b = new NetTcpBinding(SecurityMode.TransportWithMessageCredential); b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; return b; }클라이언트에서는 이전 예제에서 만든
WcfCommunicationClient클래스가 변경되지 않고 그대로 유지됩니다. 그러나WcfCommunicationClientFactory의CreateClientAsync메서드를 재정의해야 합니다.public class SecureWcfCommunicationClientFactory<TServiceContract> : WcfCommunicationClientFactory<TServiceContract> where TServiceContract : class { private readonly Binding clientBinding; private readonly object callbackObject; public SecureWcfCommunicationClientFactory( Binding clientBinding, IEnumerable<IExceptionHandler> exceptionHandlers = null, IServicePartitionResolver servicePartitionResolver = null, string traceId = null, object callback = null) : base(clientBinding, exceptionHandlers, servicePartitionResolver,traceId,callback) { this.clientBinding = clientBinding; this.callbackObject = callback; } protected override Task<WcfCommunicationClient<TServiceContract>> CreateClientAsync(string endpoint, CancellationToken cancellationToken) { var endpointAddress = new EndpointAddress(new Uri(endpoint)); ChannelFactory<TServiceContract> channelFactory; if (this.callbackObject != null) { channelFactory = new DuplexChannelFactory<TServiceContract>( this.callbackObject, this.clientBinding, endpointAddress); } else { channelFactory = new ChannelFactory<TServiceContract>(this.clientBinding, endpointAddress); } // Add certificate details to the ChannelFactory credentials. // These credentials will be used by the clients created by // SecureWcfCommunicationClientFactory. channelFactory.Credentials.ClientCertificate.SetCertificate( StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "9DC906B169DC4FAFFD1697AC781E806790749D2F"); var channel = channelFactory.CreateChannel(); var clientChannel = ((IClientChannel)channel); clientChannel.OperationTimeout = this.clientBinding.ReceiveTimeout; return Task.FromResult(this.CreateWcfCommunicationClient(channel)); } }SecureWcfCommunicationClientFactory를 사용하여 WCF 통신 클라이언트(WcfCommunicationClient)를 만듭니다. 클라이언트를 사용하여 서비스 메서드를 호출합니다.IServicePartitionResolver partitionResolver = ServicePartitionResolver.GetDefault(); var wcfClientFactory = new SecureWcfCommunicationClientFactory<ICalculator>(clientBinding: GetNetTcpBinding(), servicePartitionResolver: partitionResolver); var calculatorServiceCommunicationClient = new WcfCommunicationClient( wcfClientFactory, ServiceUri, ServicePartitionKey.Singleton); var result = calculatorServiceCommunicationClient.InvokeWithRetryAsync( client => client.Channel.Add(2, 3)).Result;
다음 단계는 Reliable Services에서 OWIN을 사용하는 Web API를 참조하세요.