WCF message security with compression

【Title】: WCF message security with compression 【Posted】: 2011-07-08 18:20:48 【Question】:

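What is the best practice for compressing the communication of a WCF service that has message security enabled, is not hosted on IIS, and uses HTTP as the transport protocol?

In my searches I found channel-level implementations that apply compression after the message has been secured (so the compression is not optimal).

Can you point me in the right direction? Or even better: do you know of any WCF compression implementation (with message security) that is applied before the security protocol runs?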


【Answer 1】:

You can use the Microsoft sample compression encoder (Microsoft WCF Samples\WCF\Extensibility\MessageEncoder\Compression), and you can use message security with the TripleDesSha256 algorithm, as in this configuration.

<customBinding>
    <binding name="customNetTcpBinding">
      <transactionFlow transactionProtocol="OleTransactions" />
      <reliableSession ordered="true"/>
      <Compression innerMessageEncoding="binaryMessageEncoding"
          compressionAlgorithm="GZip" />
      <security defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SecureConversation" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
        <localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
        <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="false" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        <secureConversationBootstrap defaultAlgorithmSuite="TripleDesSha256" authenticationMode="SspiNegotiated" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="Default" requireSecurityContextCancellation="true" requireSignatureConfirmation="false">
          <localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
          <localServiceSettings detectReplays="true" issuedCookieLifetime="00:15:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
        </secureConversationBootstrap>
      </security>
      <tcpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" connectionBufferSize="8192" hostNameComparisonMode="StrongWildcard" channelInitializationTimeout="00:00:05" maxBufferSize="65536" maxPendingConnections="10" maxOutputDelay="00:00:00.2000000" maxPendingAccepts="1" transferMode="Buffered" listenBacklog="10" portSharingEnabled="false" teredoEnabled="false">
        <connectionPoolSettings groupName="default" leaseTimeout="00:05:00" idleTimeout="00:02:00" maxOutboundConnectionsPerEndpoint="10" />
      </tcpTransport>
    </binding>
</customBinding>
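
The ordering problem raised in the question (compression applied after the message has been secured "is not optimal"), measured in an added example that is not part of the original post or of the Microsoft sample. The XOR keystream is a constructed stand-in for the message-security encryption step, ciphertext is modelled as raw bytes, and the SOAP body, key and function names are assumptions made for illustration.

```python
import gzip
import hashlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (illustration only): XOR with a SHA-256 counter keystream.

    It only models the property that matters here: ciphertext looks random.
    Applying it twice with the same key restores the input.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sample_soap_body(rows: int = 200) -> bytes:
    """Constructed sample: a repetitive XML response body, typical of SOAP."""
    items = "".join(
        f"<Order><Id>{i}</Id><Customer>Contoso</Customer>"
        f"<Status>Shipped</Status></Order>"
        for i in range(rows)
    )
    return f"<s:Body><GetOrdersResponse>{items}</GetOrdersResponse></s:Body>".encode()


def wire_sizes(body: bytes, key: bytes = b"constructed-demo-key") -> dict:
    """Compare both orderings of 'secure' and 'compress' for one message body."""
    # Order the question found in channel-level implementations:
    # the body is encrypted first, then the compressor sees only ciphertext.
    secure_then_compress = gzip.compress(keystream_xor(key, body))
    # Order the question asks for: compress the plaintext, then encrypt it.
    compress_then_secure = keystream_xor(key, gzip.compress(body))
    # The receiver reverses the steps and must get the original body back.
    if gzip.decompress(keystream_xor(key, compress_then_secure)) != body:
        raise ValueError("round trip failed")
    return {
        "plain": len(body),
        "secure_then_compress": len(secure_then_compress),
        "compress_then_secure": len(compress_then_secure),
    }


if __name__ == "__main__":
    for name, size in wire_sizes(sample_soap_body()).items():
        print(f"{name:22} {size:6} bytes")
```
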
