SecureConversationServiceCredential.SecurityStateEncoder Property

Definition

Gets or sets a custom SecurityStateEncoder used to encode and decode cookie serializations.

public:
 property System::ServiceModel::Security::SecurityStateEncoder ^ SecurityStateEncoder { System::ServiceModel::Security::SecurityStateEncoder ^ get(); void set(System::ServiceModel::Security::SecurityStateEncoder ^ value); };
public System.ServiceModel.Security.SecurityStateEncoder SecurityStateEncoder { get; set; }
member this.SecurityStateEncoder : System.ServiceModel.Security.SecurityStateEncoder with get, set
Public Property SecurityStateEncoder As SecurityStateEncoder

Property Value

SecurityStateEncoder

A SecurityStateEncoder object, which is a customized DataProtectionSecurityStateEncoder.

Examples

The following code shows how to set this property.

static void Configure(ServiceHost serviceHost)
{
    /*
     * There are certain settings that cannot be configured via app.config.
     * The security state encoder is one of them.
     * Plug in a SecurityStateEncoder that uses the configured certificate
     * to protect the security context token state.
     *
     * Note: You don't need a security state encoder for cookie mode.  This was added to the
     * sample to illustrate how you would plug in a custom security state encoder should
     * your scenario require one.
     * */
    serviceHost.Credentials.SecureConversationAuthentication.SecurityStateEncoder =
            new CertificateSecurityStateEncoder(serviceHost.Credentials.ServiceCertificate.Certificate);
}

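Remarks

In "cookie mode", the service issues the security context token (SCT) to the client as a cookie, so the service does not need to maintain any security state. The client sends the cookie back in its request messages, which tells the service how to unprotect and verify each request message. Because the SCT is typically transmitted over an unsecured network, it must be protected.

By default, Windows Communication Foundation (WCF) uses the DataProtectionSecurityStateEncoder class, which relies on DPAPI, to protect the cookie. For DPAPI to work in a web farm environment, all back-end services must run under the same domain user account. That is, if the service is web-hosted, the Internet Information Services (IIS) worker process must be configured to run as a domain user.

This property lets you use a custom SecurityStateEncoder to encrypt and decrypt the cookie instead of relying on DPAPI.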
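A custom encoder for the web farm case described above, as an added example that is not from the original page or from WCF itself: the class name SharedKeySecurityStateEncoder and the two shared 32-byte keys are assumptions. It replaces DPAPI with AES-256-CBC plus HMAC-SHA256 (encrypt-then-MAC), so any node holding the keys can decode a cookie issued by another node, and a modified cookie is rejected before it is decrypted.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.ServiceModel.Security;

// Hypothetical class, not a WCF type. Assumption: every farm node loads the
// same two 32-byte keys from a secret store before the host is opened.
public sealed class SharedKeySecurityStateEncoder : SecurityStateEncoder
{
    private const int IvLength = 16, MacLength = 32;
    private readonly byte[] encKey, macKey;

    public SharedKeySecurityStateEncoder(byte[] encryptionKey, byte[] authenticationKey)
    {
        if (encryptionKey == null || encryptionKey.Length != 32 ||
            authenticationKey == null || authenticationKey.Length != 32)
            throw new ArgumentException("Two 32-byte keys are required.");
        encKey = (byte[])encryptionKey.Clone();
        macKey = (byte[])authenticationKey.Clone();
    }

    // Output: IV (16) || AES-256-CBC ciphertext || HMAC-SHA256 of IV+ciphertext (32).
    protected override byte[] EncodeSecurityState(byte[] data)
    {
        using (var aes = Aes.Create())              // defaults: CBC mode, PKCS7 padding
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.GenerateIV();                       // fresh random IV for every cookie
            using (var enc = aes.CreateEncryptor(encKey, aes.IV))
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
                return body.Concat(hmac.ComputeHash(body)).ToArray();
            }
        }
    }

    protected override byte[] DecodeSecurityState(byte[] data)
    {
        int bodyLength = (data == null ? 0 : data.Length) - MacLength;
        if (bodyLength < IvLength + 16)
            throw new CryptographicException("Security state is malformed.");
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(data, 0, bodyLength);
            int diff = 0;                           // compare the MAC without early exit
            for (int i = 0; i < MacLength; i++) diff |= expected[i] ^ data[bodyLength + i];
            if (diff != 0) throw new CryptographicException("Security state failed the integrity check.");
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(encKey, data.Take(IvLength).ToArray()))
            return dec.TransformFinalBlock(data, IvLength, bodyLength - IvLength);
    }
}
```

Assign an instance to serviceHost.Credentials.SecureConversationAuthentication.SecurityStateEncoder before the host is opened, in the same place the sample above assigns CertificateSecurityStateEncoder.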

Applies to