MessageContractMemberAttribute.ProtectionLevel 属性

定义

指定该成员是否按原样传输,是否已签名或是否已签名和加密。Specifies whether the member is to be transmitted as-is, signed, or signed and encrypted.

public:
 property System::Net::Security::ProtectionLevel ProtectionLevel { System::Net::Security::ProtectionLevel get(); void set(System::Net::Security::ProtectionLevel value); };
public System.Net.Security.ProtectionLevel ProtectionLevel { get; set; }
member this.ProtectionLevel : System.Net.Security.ProtectionLevel with get, set
Public Property ProtectionLevel As ProtectionLevel

属性值

ProtectionLevel

ProtectionLevel 值之一。One of the ProtectionLevel values. 默认值为 NoneThe default is None.

注解

若要在 ProtectionLevelMessageHeaderAttribute 特性中使用 MessageBodyMemberAttribute 属性,则必须正确配置绑定和行为。To make use of the ProtectionLevel property in either the MessageHeaderAttribute or MessageBodyMemberAttribute attributes you must properly configure the binding and behaviors. 如果在没有正确配置的情况下(例如,在不提供安全凭据的消息部分中使用 ProtectionLevel.Sign)使用这些安全功能,则会在运行时引发异常。If these security features are used without a proper configuration (for example, using ProtectionLevel.Sign with a message part without supplying security credentials) an exception is thrown at run time.

此外,将分别为每个标头确定其保护级别。In addition, the protection level is determined for each header individually. 但是,无论包含几个正文部分,SOAP 正文都只有一个保护级别。However, the SOAP body has only one protection level, regardless of the number of body parts. 正文的保护级别由所有正文部分的最高 ProtectionLevel 属性值确定。The protection level of the body is determined by the highest ProtectionLevel property value of all the body parts. 例如,请考虑以下类:For example, consider the following class:

[MessageContract]  
public class PatientRecord  
{  
   [MessageHeader(ProtectionLevel=None)] public int recordID;  
   [MessageHeader(ProtectionLevel=Sign)] public string patientName;  
   [MessageHeader(ProtectionLevel=EncryptAndSign)] public string SSN;  
   [MessageBody(ProtectionLevel=None)] public string comments;  
   [MessageBody(ProtectionLevel=Sign)] public string diagnosis;  
   [MessageBody(ProtectionLevel=EncryptAndSign)] public string medicalHistory;  
}  

在此示例中,recordID 标头未受保护,但已对 patientName 签名并且对 SSN 进行了加密和签名。In this example, the recordID header is not protected, patientName is signed, and SSN is encrypted and signed. 至少有一个正文部分 (medicalHistory) 具有 ProtectionLevel.EncryptAndSign,因此将对整个消息正文进行加密和签名,即使 commentsdiagnosis 正文部分指定了较低的保护级别。There is at least one body part, medicalHistory, with ProtectionLevel.EncryptAndSign and thus the entire message body is encrypted and signed, even though the comments and diagnosis body parts specify lower protection levels.

运行时的保护行为是在下列属性中设置的保护级别值的组合。The protection behavior at runtime is the combination of the protection-level values set on the following properties. 这些属性具有层次结构。These properties have a hierarchical structure. 除非已为较窄范围显式设置了某个不同的值,否则设置最外层的值将为所有较窄的范围确定默认设置。Setting the outermost value establishes the default setting for all narrower scopes unless a different value for a narrower scope is explicitly set. 在这种情况下,外层的值将保持所有较窄的范围的默认设置,但特定的设置除外。In this case, the outer value remains the default for all narrower scopes with the exception of that specifically set.

例如,如果将 ServiceContractAttribute.ProtectionLevel 设置为 ProtectionLevel.EncryptAndSign,并且其他较窄范围都没有设置保护级别,则会对操作协定中的所有消息进行加密和签名。For example, if ServiceContractAttribute.ProtectionLevel is set to ProtectionLevel.EncryptAndSign and no other narrower scopes have protection level settings, all messages in an operation contract are encrypted and signed. 但是,如果其中一个操作将 OperationContractAttribute 设置为 ProtectionLevel.Sign,那么只会对此操作的消息进行签名,而对协定中的所有其他消息进行加密和签名。If, however, one of those operations has the OperationContractAttribute set to ProtectionLevel.Sign, then the messages for that operation are signed but all other messages in the contract are encrypted and signed.

有关保护级别及其假设和范围的详细信息,请参阅 了解保护级别For details about protection levels and their assumptions and scopes, see Understanding Protection Level.

这些值的设置范围是:The scopes at which these values are set are:

ServiceContractAttribute.ProtectionLevel

OperationContractAttribute.ProtectionLevel

FaultContractAttribute.ProtectionLevel

MessageContractAttribute.ProtectionLevel

MessageContractMemberAttribute.ProtectionLevel 上的 System.ServiceModel.MessageHeaderAttribute 属性。The MessageContractMemberAttribute.ProtectionLevel property on System.ServiceModel.MessageHeaderAttribute.

MessageContractMemberAttribute.ProtectionLevel 上的 System.ServiceModel.MessageBodyMemberAttribute 属性。The MessageContractMemberAttribute.ProtectionLevel property on System.ServiceModel.MessageBodyMemberAttribute.

当协定上没有显式指定保护级别并且基础绑定支持安全性时(无论处于传输级别还是处于消息级别),整个协定的有效保护级别将为 ProtectionLevel.EncryptAndSignWhen there is no protection level explicitly specified on the contract and the underlying binding supports security (whether at the transport or message level), the effective protection level for the whole contract is ProtectionLevel.EncryptAndSign. 如果绑定不支持安全性(如 BasicHttpBinding),则整个协定的有效 System.Net.Security.ProtectionLevelProtectionLevel.NoneIf the binding does not support security (such as BasicHttpBinding), the effective System.Net.Security.ProtectionLevel is ProtectionLevel.None for the whole contract. 因此,根据终结点绑定,即使协定指定了 ProtectionLevel.None,客户端也可以要求不同的消息或传输级别安全保护。The result is that depending upon the endpoint binding, clients can require different message or transport level security protection even when the contract specifies ProtectionLevel.None.

适用于