SecureConversationServiceCredential.SecurityStateEncoder Property


Gets or sets a customized SecurityStateEncoder for encoding and decoding cookie serialization.

 property System::ServiceModel::Security::SecurityStateEncoder ^ SecurityStateEncoder { System::ServiceModel::Security::SecurityStateEncoder ^ get(); void set(System::ServiceModel::Security::SecurityStateEncoder ^ value); };
public System.ServiceModel.Security.SecurityStateEncoder SecurityStateEncoder { get; set; }
member this.SecurityStateEncoder : System.ServiceModel.Security.SecurityStateEncoder with get, set
Public Property SecurityStateEncoder As SecurityStateEncoder



The following code shows how to set this property.

static void Configure(ServiceHost serviceHost)
{
    /*
     * There are certain settings that cannot be configured via app.config.
     * The security state encoder is one of them.
     * Plug in a SecurityStateEncoder that uses the configured certificate
     * to protect the security context token state.
     * Note: You don't need a security state encoder for cookie mode.  This was added to the
     * sample to illustrate how you would plug in a custom security state encoder should
     * your scenario require one.
     * */
    serviceHost.Credentials.SecureConversationAuthentication.SecurityStateEncoder =
            new CertificateSecurityStateEncoder(serviceHost.Credentials.ServiceCertificate.Certificate);
}


In "cookie mode", a service issues the client a security context token (SCT) in the form of a cookie so that the service does not have to maintain any security state. The client sends the cookie back in the request message so that the service knows how to unprotect and verify the request message. Because the SCT is often transmitted over a non-secure network, it must be protected.

By default, Windows Communication Foundation (WCF) uses the DataProtectionSecurityStateEncoder class to protect the cookie using the Data Protection API (DPAPI). For DPAPI to work in a Web farm environment, all the backend services must run as the same domain user account. In other words, if the service is Web hosted, then the Internet Information Services (IIS) worker process must be configured to run as a domain user.

This property enables you to use a customized SecurityStateEncoder to encrypt and decrypt the cookie and not depend on DPAPI.
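One way to write such an encoder, as an added example that is not the sample's CertificateSecurityStateEncoder or any Microsoft code: it encrypts the SCT state under the service certificate and also signs it with the private key, because encryption under a public key alone does not show that the service produced the cookie. The class name is hypothetical; the example assumes an RSA certificate with an accessible private key and .NET Framework 4.6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;

// Hypothetical class name; illustrative encoder, not the one used in the sample above.
public sealed class SignedCertificateStateEncoder : SecurityStateEncoder
{
    private readonly X509Certificate2 cert;
    public SignedCertificateStateEncoder(X509Certificate2 cert)
    {
        if (cert == null || !cert.HasPrivateKey)
            throw new ArgumentException("A certificate with a private key is required.", nameof(cert));
        this.cert = cert;
    }
    // Layout: wrapped AES key (n bytes) | IV (16) | AES-CBC ciphertext | RSA signature (n bytes)
    protected override byte[] EncodeSecurityState(byte[] data)
    {
        using (RSA pub = cert.GetRSAPublicKey())
        using (RSA priv = cert.GetRSAPrivateKey())
        using (Aes aes = Aes.Create())                       // fresh random 256-bit key and IV per cookie
        using (ICryptoTransform enc = aes.CreateEncryptor()) // CBC with PKCS7 padding by default
        {
            // OaepSHA1 works with both CAPI and CNG keys; OaepSHA256 can be used with CNG keys.
            byte[] wrapped = pub.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA1);
            byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
            byte[] body = wrapped.Concat(aes.IV).Concat(ct).ToArray();
            return body.Concat(priv.SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)).ToArray();
        }
    }

    protected override byte[] DecodeSecurityState(byte[] data)
    {
        using (RSA pub = cert.GetRSAPublicKey())
        using (RSA priv = cert.GetRSAPrivateKey())
        using (Aes aes = Aes.Create())
        {
            int n = pub.KeySize / 8;                         // RSA output length in bytes
            if (data == null || data.Length < 2 * n + 32) throw new CryptographicException("Malformed security state.");
            byte[] body = data.Take(data.Length - n).ToArray();
            byte[] sig = data.Skip(data.Length - n).ToArray();
            // Verify first, so a modified cookie is rejected before any decryption or padding check runs.
            if (!pub.VerifyData(body, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) throw new CryptographicException("Invalid security state signature.");
            aes.Key = priv.Decrypt(body.Take(n).ToArray(), RSAEncryptionPadding.OaepSHA1);
            aes.IV = body.Skip(n).Take(16).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(body, n + 16, body.Length - n - 16);
        }
    }
}
```

An instance is assigned to serviceHost.Credentials.SecureConversationAuthentication.SecurityStateEncoder in the same way as in Configure above. In a Web farm, every node needs the same certificate and private key installed so that any node can decode a cookie issued by another.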