带压缩的 WCF 消息安全性
Posted
技术标签:
【中文标题】带压缩的 WCF 消息安全性【英文标题】:WCF message security with compression 【发布时间】:2011-07-08 18:20:48 【问题描述】:压缩启用了消息安全的 WCF 服务的通信的最佳做法是什么,它不是托管在 IIS 上并使用 HTTP 作为传输协议?
在我的搜索中,我发现了在消息被保护后应用压缩的通道级别的实现(因此压缩不是最佳的)。
你能指出我正确的方向吗? 甚至更好:您知道在安全协议运行之前应用的任何 WCF 压缩实现(使用消息安全性)吗?
【问题讨论】:
【参考方案1】:您可以使用 Microsoft Sample Compression (Microsoft WCF Samples\WCF\Extensibility\MessageEncoder\Compression),并且可以将 Message Security as TripleDesSha256 算法用作此配置。
<customBinding>
<binding name="customNetTcpBinding">
<transactionFlow transactionProtocol="OleTransactions" />
<reliableSession ordered="true"/>
<Compression innerMessageEncoding="binaryMessageEncoding"
compressionAlgorithm="GZip" />
<security defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SecureConversation" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
<secureConversationBootstrap defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SspiNegotiated" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
<localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="00:15:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
</secureConversationBootstrap>
</security>
<tcpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" connectionBufferSize="8192" hostNameComparisonMode="StrongWildcard" channelInitializationTimeout="00:00:05" maxBufferSize="65536" maxPendingConnections="10" maxOutputDelay="00:00:00.2000000" maxPendingAccepts="1" transferMode="Buffered" listenBacklog="10" portSharingEnabled="false" teredoEnabled="false">
<connectionPoolSettings groupName="default" leaseTimeout="00:05:00" idleTimeout="00:02:00" maxOutboundConnectionsPerEndpoint="10" />
</tcpTransport>
</binding>
</customBinding>
【讨论】:
以上是关于带压缩的 WCF 消息安全性的主要内容,如果未能解决你的问题,请参考以下文章