一步步改造wcf,数据加密传输-匿名客户端加密传输

百度搜索wcf加密传输,资料挺多,真真正正能用的确不多. 一是本来就很复杂,而是各位大神给的资料不足.本人今天来提供一个简易方法. 匿名客户端加密传输

1.契约

建立契约工程CalcContract,实现两个数的求和.

[ServiceContract]

public interface ICalculator

{

    [OperationContract]

    CalculatorResult Add(double x, double y);

}

[DataContract]

public class CalculatorResult

{

    /// <summary>

    ///

    /// </summary>

    [DataMember]

    public double Result { get; set; }

    /// <summary>

    ///

    /// </summary>

    [DataMember]

    public double X { get; set; }

    /// <summary>

    ///

    /// </summary>

    [DataMember]

    public double Y { get; set; }

}

实现契约

public class Calculator:ICalculator

{

    public CalculatorResult Add(double x, double y)

    {

        Console.WriteLine(x.ToString() + "+" + y.ToString() + "=" + (x + y).ToString());

        return new CalculatorResult()

        {

            Result = x + y,

            X = x,

            Y = y

        };

    }

}

2.服务端实现

不用IIS实现,用控制台的方式实现,添加一个控制台程序Host,Main函数中:

class Program

{

    static void Main(string[] args)

    {

        using (ServiceHost host = new ServiceHost(typeof(Calculator)))

        {

            host.Opened += delegate

            {

                Console.WriteLine("Service Has Started.Press any key to quit.");

            };

            //通讯状态转换到已打开

            host.Open();

            Console.ReadLine();

        }

    }

}

App.config中关于wcf的配置

    <system.serviceModel>

    <behaviors>

      <serviceBehaviors>

        <behavior name="metadataBehavior" >

          <serviceMetadata httpGetEnabled="true"  />

        </behavior>

        <behavior name="behaviorConfig">

          <serviceMetadata httpGetEnabled="true"  httpGetUrl="http://127.0.0.1:8889/calculatorservice/data" />

        </behavior>

      </serviceBehaviors>

    </behaviors>

    <bindings>

      <basicHttpBinding >

        <binding name="basicHttpBindingConfiguration"/>

      </basicHttpBinding>

    </bindings>

    <services>

      <service   name="CalcContract.Calculator"  behaviorConfiguration="behaviorConfig">

        <endpoint address="http://127.0.0.1:8889/calculatorservice"

            binding="basicHttpBinding" bindingConfiguration="basicHttpBindingConfiguration" contract="CalcContract.ICalculator" >

        </endpoint>

      </service>

    </services>

  </system.serviceModel>

3.客户端

建立客户端控制台程序Client.先运行起服务端,在客户端添加服务引用,命名为CalcServiceReference,这个我就略过了.添加引用后.Main函数中代码为:

    static void Main(string[] args)

    {

        CalcServiceReference.CalculatorClient client = new CalcServiceReference.CalculatorClient();

        while(true)

        {

            double x = 100.0;

            double y = 200.0;

            CalculatorResult result = client.Add(x, y);

            Console.WriteLine(result.Result.ToString());

            Console.ReadLine();

        }

    }

Appconfig的配置如下:

 <system.serviceModel>

    <bindings>

        <basicHttpBinding>

            <binding name="BasicHttpBinding_ICalculator" />

        </basicHttpBinding>

    </bindings>

    <client>

        <endpoint address="http://127.0.0.1:8889/calculatorservice" binding="basicHttpBinding"

            bindingConfiguration="BasicHttpBinding_ICalculator" contract="CalcServiceReference.ICalculator"

            name="BasicHttpBinding_ICalculator" />

    </client>

</system.serviceModel>

4.运行

先运行服务端,再运行客户端.在客户端控制台敲回车,传输100和200的服务端计算,然后服务端返回给客户端打印出300,得到100+200的正确结果.

5.明文传输

用HTTP Analyzer Full抓包查看,传输的数据为明文,如下2个图片

6.说明

这个例子中使用的basicHttpBinding绑定, 接下来我将一步步改造这个项目,使能最简单实现加密传输

7.修改服务端的配置

a.修改endpoint的binding为wsHttpBinding
b.在节点中增加一个关于wsHttpBinding的配置wsHttpBindingConfiguration, 并且
c.修改endpoint下的bindingConfiguration的为wsHttpBindingConfiguration

8.制作一个证书

在vs的控制台输入:

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=FirstCer -sky exchange –pe

makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=FirstCer -sky exchange –pe[这句不运行]

这样就制作了一个证书.

b.控制台打开MCC,
c.File-->Remove/Add Snap-in
d.选择Cerfiticates双击,在弹出框中选择Computer Account,点击next-->Finish,点击OK.
e.在左边树形目录中有了新节点:Certificates(Local Computer),点击Personal下的Certificates,发现FirstCer已经创建
f.右键点击FirstCer,选择COPY,
g.展开树形Trusted People-->Certificates,粘贴FirstCer到此处

在behaviors-->serviceBehaviors下增加

<behavior name="behaviorConfig">

<serviceMetadata httpGetEnabled="true" httpGetUrl="http://127.0.0.1:8889/calculatorservice/data" />

<serviceCredentials>

<!--指定一个 X. 证书，用户对认证中的用户名密码加密解密-->

<serviceCertificate findValue="FirstCer" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>

<clientCertificate>

<authentication certificateValidationMode="None"/>

</clientCertificate>

</serviceCredentials>

</behavior>

并在services-service中增加这个behaviorConfig.

 behaviorConfiguration="behaviorConfig"

9.更新客户端服务引用

a.启动服务端
b.在VS中更新客户端的服务引用,appconfig得到更新.发现endpoint中增加一个节点

test

<identity>

    <certificate encodedValue="XXXXXXXXXX" />

</identity>

c.bindings中也自动更新节点wsHttpBinding

10.测试

1.启动服务端,再启动客户端,成功了么???????

NO,客户端出错了.出错信息:

The X.509 certificate CN=FirstCer chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The signature of the certificate cannot be verified.

- 2.客户端手动添加behaviors

-test

<behaviors>

  <endpointBehaviors>

    <behavior name="wsHttpBindingBehavior">

      <clientCredentials  >

        <serviceCertificate >

          <authentication  certificateValidationMode="None"  />

        </serviceCertificate>

      </clientCredentials>

    </behavior>

  </endpointBehaviors>

</behaviors>

同时在endpoint中添加 behaviorConfiguration="wsHttpBindingBehavior"

记住:这一步非要重要,自动更新引用的时候, behaviorConfiguration="wsHttpBindingBehavior"容易丢掉.

在启动服务端,客户端,发现能通信了.并且抓包测试如下图

代码下载地址:https://download.csdn.net/download/hanghangz/11033385

说明:

makecert.exe 生成的正式可以在 LocalMachine或是在CurrentUser下
手动补充wsHttpBindingBehavior这一步非常重要
必须你自己创建一个证书,不能用我代码的encodedValue
代码中包含改造前和改造后的代码,你可以按照文字一步一步来操作.

接下来,还需要研究怎么在生产环境来使用.