MessageContractMemberAttribute.ProtectionLevel 屬性


指定成員要依現狀加以傳輸、簽署,或者加以簽署並加密。Specifies whether the member is to be transmitted as-is, signed, or signed and encrypted.

 property System::Net::Security::ProtectionLevel ProtectionLevel { System::Net::Security::ProtectionLevel get(); void set(System::Net::Security::ProtectionLevel value); };
public System.Net.Security.ProtectionLevel ProtectionLevel { get; set; }
member this.ProtectionLevel : System.Net.Security.ProtectionLevel with get, set
Public Property ProtectionLevel As ProtectionLevel



其中一個 ProtectionLevel 值。One of the ProtectionLevel values. 預設為 NoneThe default is None.


若要使用 ProtectionLevelMessageHeaderAttribute 屬性中的 MessageBodyMemberAttribute 屬性,您必須正確設定繫結和行為。To make use of the ProtectionLevel property in either the MessageHeaderAttribute or MessageBodyMemberAttribute attributes you must properly configure the binding and behaviors. 如果沒有透過正確的組態 (例如,使用具有未提供安全性認證之訊息部分的 ProtectionLevel.Sign) 使用這些安全性功能,就會在執行階段擲回例外狀況。If these security features are used without a proper configuration (for example, using ProtectionLevel.Sign with a message part without supplying security credentials) an exception is thrown at run time.

此外,保護層級是針對每一個標頭個別決定的。In addition, the protection level is determined for each header individually. 不過,無論有多少個本文部分,SOAP 本文都只有一個保護層級。However, the SOAP body has only one protection level, regardless of the number of body parts. 本文保護層級是由所有本文部分的最高層 ProtectionLevel 屬性值所決定。The protection level of the body is determined by the highest ProtectionLevel property value of all the body parts. 例如,請參考下列類別:For example, consider the following class:

public class PatientRecord  
   [MessageHeader(ProtectionLevel=None)] public int recordID;  
   [MessageHeader(ProtectionLevel=Sign)] public string patientName;  
   [MessageHeader(ProtectionLevel=EncryptAndSign)] public string SSN;  
   [MessageBody(ProtectionLevel=None)] public string comments;  
   [MessageBody(ProtectionLevel=Sign)] public string diagnosis;  
   [MessageBody(ProtectionLevel=EncryptAndSign)] public string medicalHistory;  

在這個範例中,recordID 標頭不受保護,patientName 已經過簽署,而 SSN 已經過加密並簽署。In this example, the recordID header is not protected, patientName is signed, and SSN is encrypted and signed. 至少有一個本文部分 medicalHistory 具有 ProtectionLevel.EncryptAndSign,因此會加密並簽署整個訊息本文,即使 commentsdiagnosis 本文部分指定較低的保護層級亦然。There is at least one body part, medicalHistory, with ProtectionLevel.EncryptAndSign and thus the entire message body is encrypted and signed, even though the comments and diagnosis body parts specify lower protection levels.

執行階段的保護行為,是下列屬性的保護層級設定值的組合。The protection behavior at runtime is the combination of the protection-level values set on the following properties. 這些屬性有階層式結構。These properties have a hierarchical structure. 除非針對較窄的範圍明確設定不同的值,否則,設定最外層的值會建立所有較窄範圍的預設值。Setting the outermost value establishes the default setting for all narrower scopes unless a different value for a narrower scope is explicitly set. 在此情況下,外部值仍為所有較窄範圍的預設值 (特別設定的範圍除外)。In this case, the outer value remains the default for all narrower scopes with the exception of that specifically set.

例如,如果 ServiceContractAttribute.ProtectionLevel 設定為 ProtectionLevel.EncryptAndSign 而且沒有其他更窄的範圍具有保護層級設定,則會加密並簽署作業合約中的所有訊息。For example, if ServiceContractAttribute.ProtectionLevel is set to ProtectionLevel.EncryptAndSign and no other narrower scopes have protection level settings, all messages in an operation contract are encrypted and signed. 但是,如果這些其中一個作業已將 OperationContractAttribute 設定為 ProtectionLevel.Sign,則會簽署該作業的訊息,但是合約中的其他所有訊息都會經過加密並簽署。If, however, one of those operations has the OperationContractAttribute set to ProtectionLevel.Sign, then the messages for that operation are signed but all other messages in the contract are encrypted and signed.

如需保護層級及其假設和範圍的詳細資訊,請參閱 瞭解保護層級For details about protection levels and their assumptions and scopes, see Understanding Protection Level.

設定這些值的範圍如下:The scopes at which these values are set are:





MessageContractMemberAttribute.ProtectionLevelSystem.ServiceModel.MessageHeaderAttribute 屬性。The MessageContractMemberAttribute.ProtectionLevel property on System.ServiceModel.MessageHeaderAttribute.

MessageContractMemberAttribute.ProtectionLevelSystem.ServiceModel.MessageBodyMemberAttribute 屬性。The MessageContractMemberAttribute.ProtectionLevel property on System.ServiceModel.MessageBodyMemberAttribute.

當合約上未明確指定保護層級,而且基礎繫結可支援安全性 (不論是在傳輸層級或訊息層級) 時,整個合約的有效保護層級會是 ProtectionLevel.EncryptAndSignWhen there is no protection level explicitly specified on the contract and the underlying binding supports security (whether at the transport or message level), the effective protection level for the whole contract is ProtectionLevel.EncryptAndSign. 如果繫結不支援安全性 (例如,BasicHttpBinding),整個合約的有效 System.Net.Security.ProtectionLevelProtectionLevel.NoneIf the binding does not support security (such as BasicHttpBinding), the effective System.Net.Security.ProtectionLevel is ProtectionLevel.None for the whole contract. 結果便是根據端點繫結的不同,用戶端可以要求不同的訊息或傳輸層級的安全性保護,即使當合約指定 ProtectionLevel.None 時亦然。The result is that depending upon the endpoint binding, clients can require different message or transport level security protection even when the contract specifies ProtectionLevel.None.