How to: Create a Secure Session

With the exception of the <basicHttpBinding> binding, the system-provided bindings in Windows Communication Foundation (WCF) automatically use secure sessions when message security is enabled.

By default, a secure session does not survive a recycled Web server. When a secure session is established, the client and the service cache the key that is associated with the secure session. As messages are exchanged, only an identifier of the cached key is exchanged. If the Web server is recycled, the cache is recycled as well, so the Web server cannot retrieve the cached key for that identifier. When this happens, an exception is thrown and returned to the client. A secure session that uses a stateful security context token (SCT) can survive a Web server being recycled. For more information about using a stateful SCT in a secure session, see How to: Create a Security Context Token for a Secure Session.

To specify that a service uses secure sessions by using one of the system-provided bindings

  • Configure the service to use a system-provided binding that supports message security.

    With the exception of the <basicHttpBinding> binding, WCF automatically uses secure sessions when a system-provided binding is configured to use message security. The following table lists the system-provided bindings that support message security and whether message security is the default security mechanism.

    System-provided binding     Configuration element        Message security enabled by default
    BasicHttpBinding            <basicHttpBinding>
    WSHttpBinding               <wsHttpBinding>
    WSDualHttpBinding           <wsDualHttpBinding>
    WSFederationHttpBinding     <wsFederationHttpBinding>
    NetTcpBinding               <netTcpBinding>
    NetMsmqBinding              <netMsmqBinding>

    The following code example uses configuration to specify a binding named wsHttpBinding_Calculator that uses the <wsHttpBinding>, message security, and secure sessions.

    <bindings>
      <!-- Configuration element names are case-sensitive: wsHttpBinding, not WSHttpBinding -->
      <wsHttpBinding>
        <binding name="wsHttpBinding_Calculator">
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    

    The following code example (in C# and then in Visual Basic) specifies that the secureCalculator service is secured by using the <wsHttpBinding>, message security, and secure sessions.

    WSHttpBinding myBinding = new WSHttpBinding();
    myBinding.Security.Mode = SecurityMode.Message;
    myBinding.Security.Message.ClientCredentialType =
        MessageCredentialType.Windows;
    
    // Create the Type instances for later use and the URI for
    // the base address.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new
        Uri("http://localhost:8036/serviceModelSamples/");
    
    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost =
        new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint
        (contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
    
    Dim myBinding As New WSHttpBinding()
    myBinding.Security.Mode = SecurityMode.Message
    myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows
    
    ' Create the Type instances for later use and the URI for 
    ' the base address.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")
    
    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()
    

    Note

    Secure sessions can be turned off for the <wsHttpBinding> by setting the establishSecurityContext attribute to false. For the other system-provided bindings, secure sessions can be turned off only by creating a custom binding.

To specify that a service uses secure sessions by using a custom binding

  • Create a custom binding that specifies that SOAP messages are protected by a secure session.

    For more information about creating a custom binding, see How to: Customize a System-Provided Binding.

    The following code example uses configuration to specify a custom binding whose messages are protected by a secure session.

    <bindings>
      <!-- configure a custom binding -->
      <customBinding>
        <binding name="customBinding_Calculator">
          <security authenticationMode="SecureConversation" />
          <secureConversationBootstrap authenticationMode="SspiNegotiated" />
          <textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8"/>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    

    The following code example (in C# and then in Visual Basic) creates a custom binding that uses the MutualCertificate authentication mode to bootstrap a secure session.

    SecurityBindingElement security = SecurityBindingElement.CreateMutualCertificateBindingElement();
    
    // Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, true);
    
    // Specify whether derived keys are required.
    security.SetKeyDerivation(true);
    
    // Create the custom binding.
    CustomBinding myBinding = new CustomBinding(security, new HttpTransportBindingElement());
    
    // Create the Type instances for later use and the URI for
    // the base address.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new
        Uri("http://localhost:8036/serviceModelSamples/");
    
    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost =
        new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint
        (contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
    
    Dim security As SecurityBindingElement = SecurityBindingElement.CreateMutualCertificateBindingElement()
    
    ' Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, True)
    
    ' Specify whether derived keys are required.
    security.SetKeyDerivation(True)
    
    ' Create the custom binding.
    Dim myBinding As New CustomBinding(security, New HttpTransportBindingElement())
    
    ' Create the Type instances for later use and the URI for 
    ' the base address.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")
    
    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()
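    Whether a binding actually negotiates a secure session, and whether that session uses the default cached (stateless) SCT that is lost on a Web server recycle, can be verified from the binding elements before the host is opened. The following inspector is an example added here; it is not code from the original article or from WCF, and the class SecureSessionInspector and its methods are names chosen for this example. It accepts the WSHttpBinding from the first procedure as well as the custom binding from the second, and shows the effect of establishSecurityContext="false" described in the note above.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Added example; SecureSessionInspector is not a WCF type.
public static class SecureSessionInspector
{
    // Returns the secure-conversation token parameters of the binding, or null
    // when the binding does not establish a secure session at all.
    public static SecureConversationSecurityTokenParameters Find(Binding binding)
    {
        SecurityBindingElement sbe = binding.CreateBindingElements().Find<SecurityBindingElement>();
        if (sbe == null) return null; // transport-only security, or no security
        // Message security: the session token is the protection token.
        var symmetric = sbe as SymmetricSecurityBindingElement;
        if (symmetric != null)
            return symmetric.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
        // TransportWithMessageCredential: the session token endorses the message.
        foreach (SecurityTokenParameters p in sbe.EndpointSupportingTokenParameters.Endorsing)
        {
            var sc = p as SecureConversationSecurityTokenParameters;
            if (sc != null) return sc;
        }
        return null;
    }

    public static string Describe(string name, Binding binding)
    {
        SecureConversationSecurityTokenParameters sc = Find(binding);
        if (sc == null) return name + ": no secure session";
        // RequireCancellation == true is the default cached SCT, which does not
        // survive a Web server recycle; false indicates a stateful SCT.
        return string.Format("{0}: secure session, {1} SCT, bootstrapped by {2}",
            name, sc.RequireCancellation ? "stateless" : "stateful",
            sc.BootstrapSecurityBindingElement.GetType().Name);
    }

    public static void Main()
    {
        var withSession = new WSHttpBinding(SecurityMode.Message);
        var noSession = new WSHttpBinding(SecurityMode.Message);
        // Same effect as establishSecurityContext="false" in configuration.
        noSession.Security.Message.EstablishSecurityContext = false;
        Console.WriteLine(Describe("wsHttpBinding (default)", withSession));
        Console.WriteLine(Describe("wsHttpBinding (no security context)", noSession));
    }
}
```

    Passing the custom binding from the procedure above reports a stateless SCT, because CreateSecureConversationBindingElement(security, true) sets requireCancellation to true.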
    

See also