WCF basicHttpBinding之Transport Security Mode, clientCredentialType="None"

原创地址：http://www.cnblogs.com/jfzhu/p/4071342.html

转载请注明出处

前面文章介绍了《WCF basicHttpBinding之Message Security Mode》如何basicHttpBinding的Message Security Mode，并且clientCredentialType用的是certificate。

本文演示basicHttpbinding使用Transport Security Mode，并且clientCredentialType="None"。

（一）WCF 服务代码与配置文件

IDemoService.cs

using System.ServiceModel;

namespace WCFDemo
{
    [ServiceContract(Name = "IDemoService")]
    public interface IDemoService
    {
        [OperationContract]
        [FaultContract(typeof(DivideByZeroFault))]
        int Divide(int numerator, int denominator);
    }
}

DemoService.cs

using System;
using System.ServiceModel;
using System.ServiceModel.Activation;

namespace WCFDemo
{
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
    public class DemoService : IDemoService
    {
        public int Divide(int numerator, int denominator)
        {
            try
            {
                return numerator / denominator;
            }
            catch (DivideByZeroException ex)
            {
                DivideByZeroFault fault = new DivideByZeroFault();
                fault.Error = ex.Message;
                fault.Detail = "Denominator cannot be ZERO!";
                throw new FaultException<DivideByZeroFault>(fault);
            }
        }
    }
}

完整的代码也可以参见《WCF服务创建与抛出强类型SOAP Fault》。

server web.config

<?xml version="1.0"?>
<configuration>
    <system.web>
      <compilation debug="true" targetFramework="4.0" />
    </system.web>
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="basicBinding">
            <security mode="Transport">
              <transport clientCredentialType="None" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service name="WCFDemo.DemoService" behaviorConfiguration="CustomBehavior">
          <endpoint address="DemoService" binding="basicHttpBinding" contract="WCFDemo.IDemoService" bindingConfiguration="basicBinding" />
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
        </service>
      </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="CustomBehavior">
                    <serviceMetadata httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="false" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
</configuration> 

（二）为WCF Service application添加一个https binding。

具体作法参见《Step by Step 配置使用HTTPS的ASP.NET Web应用》。

配置完https binding之后，双击SSL Settings

勾选Require SSL，点击Apply。

Http的Binding还是不可缺少，否则会出现下面的错误

（三）在客户端安装SSL根证书

由于https证书使用的是

所以我们使用的WCF Service URL为 https://win-ounm08eqe64.henry.huang/DemoService.svc

在客户端，为C:\Windows\System32\Drivers\etc\host 添加一条记录

然后安装根证书

双击根证书文件，弹出证书属性的对话框，此时该根证书并不受信任，我们需要将其加入“受信任的根证书颁发机构”，点击安装证书

（四）客户端代码与配置文件

在客户端Visual Studio添加Service Reference

private void buttonCalculate_Click(object sender, EventArgs e)
{
    try
    {
        textBoxResult.Text = demoServiceClient.Divide(Convert.ToInt32(textBoxNumerator.Text), Convert.ToInt32(textBoxDenominator.Text)).ToString();
    }
    catch (FaultException<DemoServiceReference.DivideByZeroFault> fault)
    {
        MessageBox.Show(fault.Detail.Error + " - " + fault.Detail.Detail);
    }
}

client app.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpBinding_IDemoService">
                    <security mode="Transport" />
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="https://win-ounm08eqe64.henry.huang/DemoService.svc/DemoService"
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDemoService"
                contract="DemoServiceReference.IDemoService" name="BasicHttpBinding_IDemoService" />
        </client>
    </system.serviceModel>
</configuration>

（五）运行代码，监听Message

使用Fiddler，发现消息全部加密

但是如果用Microsoft Service Trace Viewer查看Message Log（参见《使用WCF的Trace与Message Log功能 》），可以看到解密后的信息，因为它不是在wire上监听，而Fiddler是在wire上进行监听。

Request:

Response:

（六）总结

Transport Security Mode是传输协议级的加密，而Message Security Mode是对消息级别的加密。每种协议都有自己对应的传输协议级的加密方式，比如HTTP的加密方式就为SSL。