How to: Create a Secure Session
With the exception of the basicHttpBinding element binding, the system-provided bindings in Windows Communication Foundation (WCF) automatically use secure sessions when message security is enabled.

By default, secure sessions do not survive a Web server that is recycled. When a secure session is established, the client and the service cache the key that is associated with the secure session. As messages are exchanged, only an identifier for the cached key is exchanged. If the Web server is recycled, the cache is recycled with it, so the Web server can no longer retrieve the cached key for that identifier. When this happens, an exception is thrown back to the client. Secure sessions that use a stateful security context token (SCT) can survive a Web server being recycled. For more information about using stateful SCTs in a secure session, see How to: Create a Security Context Token for a Secure Session.
To specify that a service use secure sessions by using one of the system-provided bindings

1. Configure the service to use a system-provided binding that supports message security.

With the exception of the basicHttpBinding element binding, when a system-provided binding is configured to use message security, WCF automatically uses secure sessions. The following table lists the system-provided bindings that support message security and whether message security is their default security mechanism.
| System-provided binding | Configuration element | Message security on by default |
|---|---|---|
| BasicHttpBinding | basicHttpBinding | No |
| WSHttpBinding | wsHttpBinding | Yes |
| WSDualHttpBinding | wsDualHttpBinding | Yes |
| WSFederationHttpBinding | wsFederationHttpBinding | Yes |
| NetTcpBinding | netTcpBinding | No |
| NetMsmqBinding | netMsmqBinding | No |
The following code example uses configuration to specify a binding named wsHttpBinding_Calculator that uses the wsHttpBinding element, message security, and secure sessions.

```xml
<bindings>
  <!-- configuration element names are case-sensitive: wsHttpBinding, not WSHttpBinding -->
  <wsHttpBinding>
    <binding name="wsHttpBinding_Calculator">
      <!-- mode="Message" turns on message security; with wsHttpBinding that
           also turns on a secure session (establishSecurityContext defaults to true) -->
      <security mode="Message">
        <message clientCredentialType="Windows"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
```
The following code example specifies the wsHttpBinding element, message security, and secure sessions to secure the secureCalculator service.

```vb
Dim myBinding As New WSHttpBinding()
myBinding.Security.Mode = SecurityMode.Message
myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows

' Create the Type instances for later use and the URI for
' the base address.
Dim contractType As Type = GetType(ICalculator)
Dim serviceType As Type = GetType(Calculator)
Dim baseAddress As New Uri("https://localhost:8036/serviceModelSamples/")

' Create the ServiceHost and add an endpoint, then start
' the service.
Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
myServiceHost.Open()
```

```csharp
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Message;
myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// Create the Type instances for later use and the URI for
// the base address.
Type contractType = typeof(ICalculator);
Type serviceType = typeof(Calculator);
Uri baseAddress = new Uri("https://localhost:8036/serviceModelSamples/");

// Create the ServiceHost and add an endpoint, then start
// the service.
ServiceHost myServiceHost = new ServiceHost(serviceType, baseAddress);
myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator");
myServiceHost.Open();
```
Note: For the wsHttpBinding element, secure sessions can be turned off by setting the establishSecurityContext attribute to false. For the other system-provided bindings, secure sessions can be turned off only by creating a custom binding.
To specify that a service use secure sessions by using a custom binding

1. Create a custom binding that specifies that SOAP messages are protected by a secure session.

For more information about creating a custom binding, see How to: Customize a System-Provided Binding.
The following code example uses configuration to specify a custom binding whose messages are protected by a secure session.

```xml
<bindings>
  <!-- configure a custom binding -->
  <customBinding>
    <binding name="customBinding_Calculator">
      <!-- the session itself (WS-SecureConversation) ... -->
      <security authenticationMode="SecureConversation" />
      <!-- ... and the authentication mode used to bootstrap it -->
      <secureConversationBootstrap authenticationMode="SspiNegotiated" />
      <textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8"/>
      <httpTransport/>
    </binding>
  </customBinding>
</bindings>
```
The following code example creates a custom binding that uses the MutualCertificate authentication mode to bootstrap a secure session.

```vb
Dim security As SecurityBindingElement = SecurityBindingElement.CreateMutualCertificateBindingElement()

' Use a secure session.
security = SecurityBindingElement.CreateSecureConversationBindingElement(security, True)

' Specify whether derived keys are required.
security.SetKeyDerivation(True)

' Create the custom binding.
Dim myBinding As New CustomBinding(security, New HttpTransportBindingElement())

' Create the Type instances for later use and the URI for
' the base address.
Dim contractType As Type = GetType(ICalculator)
Dim serviceType As Type = GetType(Calculator)
Dim baseAddress As New Uri("https://localhost:8036/serviceModelSamples/")

' Create the ServiceHost and add an endpoint, then start
' the service.
Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
myServiceHost.Open()
```

```csharp
SecurityBindingElement security = SecurityBindingElement.CreateMutualCertificateBindingElement();

// Use a secure session.
security = SecurityBindingElement.CreateSecureConversationBindingElement(security, true);

// Specify whether derived keys are required.
security.SetKeyDerivation(true);

// Create the custom binding.
CustomBinding myBinding = new CustomBinding(security, new HttpTransportBindingElement());

// Create the Type instances for later use and the URI for
// the base address.
Type contractType = typeof(ICalculator);
Type serviceType = typeof(Calculator);
Uri baseAddress = new Uri("https://localhost:8036/serviceModelSamples/");

// Create the ServiceHost and add an endpoint, then start
// the service.
ServiceHost myServiceHost = new ServiceHost(serviceType, baseAddress);
myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator");
myServiceHost.Open();
```
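The following C# example is added here and is not code from the original article or from WCF itself. It ties together the two procedures above and the note on establishSecurityContext: it builds the wsHttpBinding with and without a secure session, builds the MutualCertificate custom binding but with a stateful SCT (the variant the introduction says survives a recycled Web server), and then inspects each binding's elements to report what it will actually negotiate, which is the check you want before deploying a binding rather than trusting the configuration name. The class name, method names and the `Describe` helper are this example's own; the `requireCancellation` argument, `EstablishSecurityContext`, `SymmetricSecurityBindingElement.ProtectionTokenParameters` and `SecureConversationSecurityTokenParameters.RequireCancellation` are WCF APIs.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Added example (not from the original article): builds the binding shapes
// discussed above and inspects each one to report whether it negotiates a
// secure session and whether that session survives a recycled host.
// Class and method names are this example's own.
static class SecureSessionBindings
{
    // wsHttpBinding with message security: a secure session is on by default.
    public static WSHttpBinding CreateWsHttpWithSession()
    {
        var binding = new WSHttpBinding();
        binding.Security.Mode = SecurityMode.Message;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        return binding;
    }

    // Same binding with the secure session turned off; this is the code
    // equivalent of establishSecurityContext="false" in configuration.
    public static WSHttpBinding CreateWsHttpWithoutSession()
    {
        var binding = CreateWsHttpWithSession();
        binding.Security.Message.EstablishSecurityContext = false;
        return binding;
    }

    // Custom binding: MutualCertificate bootstrap, then a secure session whose
    // SCT is stateful. requireCancellation = false selects the stateful SCT:
    // the session state is carried inside the token the client presents
    // instead of living only in the service's in-memory cache, so a recycled
    // worker process can still resume the session. The default encoder that
    // protects that state (DataProtectionSecurityStateEncoder) uses DPAPI and
    // is bound to one machine; a Web farm needs a shared SecurityStateEncoder.
    public static CustomBinding CreateStatefulSessionBinding()
    {
        SecurityBindingElement bootstrap =
            SecurityBindingElement.CreateMutualCertificateBindingElement();
        SecurityBindingElement security =
            SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, false);
        security.SetKeyDerivation(true);
        return new CustomBinding(security, new HttpTransportBindingElement());
    }

    // Walks the binding's elements and reports what the protection token is.
    // A secure session shows up as SecureConversationSecurityTokenParameters
    // on the symmetric security element; RequireCancellation == false means
    // the SCT is stateful.
    public static string Describe(Binding binding)
    {
        var security = binding.CreateBindingElements().Find<SecurityBindingElement>();
        if (security == null)
            return "no message security (no secure session possible)";

        var symmetric = security as SymmetricSecurityBindingElement;
        var sct = symmetric == null
            ? null
            : symmetric.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
        if (sct == null)
            return "message security without a secure session";

        return sct.RequireCancellation
            ? "secure session, stateless SCT (key held in the server cache; lost on recycle)"
            : "secure session, stateful SCT (state carried in the token; survives recycle)";
    }

    static void Main()
    {
        Console.WriteLine("wsHttpBinding (default): "
            + Describe(CreateWsHttpWithSession()));
        Console.WriteLine("wsHttpBinding (establishSecurityContext=false): "
            + Describe(CreateWsHttpWithoutSession()));
        Console.WriteLine("customBinding (MutualCertificate, stateful SCT): "
            + Describe(CreateStatefulSessionBinding()));
    }
}
```

`Describe` works on any Binding, including one loaded from configuration, so it can be run against the wsHttpBinding_Calculator and customBinding_Calculator entries above to confirm that the secure session is really in place and which SCT kind they use.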