How to: Create a Secure Session

With the exception of the basicHttpBinding binding, the system-provided bindings in Windows Communication Foundation (WCF) automatically use secure sessions when message security is enabled.

By default, secure sessions do not survive a recycled Web server. When a secure session is established, the client and the service cache the key associated with the secure session. As messages are exchanged, only an identifier of the cached key is exchanged. If the Web server is recycled, the cache is recycled with it, so the Web server cannot retrieve the cached key for the identifier. When this happens, an exception is thrown back to the client. Secure sessions that use a stateful security context token (SCT) can survive a recycled Web server. For more information about using stateful SCTs in a secure session, see How to: Create a Security Context Token for a Secure Session.

To specify that a service uses secure sessions by using one of the system-provided bindings

  • Configure the service to use a system-provided binding that supports message security.

    With the exception of the basicHttpBinding binding, when a system-provided binding is configured to use message security, WCF automatically uses secure sessions. The following table lists the system-provided bindings that support message security and whether message security is the default security mechanism.

    System-provided binding   Configuration element       Message security on by default
    BasicHttpBinding          <basicHttpBinding>          No
    WSHttpBinding             <wsHttpBinding>             Yes
    WSDualHttpBinding         <wsDualHttpBinding>         Yes
    WSFederationHttpBinding   <wsFederationHttpBinding>   Yes
    NetTcpBinding             <netTcpBinding>             No
    NetMsmqBinding            <netMsmqBinding>            No

    The following code example uses configuration to specify a binding named wsHttpBinding_Calculator that uses the <wsHttpBinding>, message security, and secure sessions.

    <bindings>
      <!-- the configuration element is wsHttpBinding (camel case), not WSHttpBinding -->
      <wsHttpBinding>
        <binding name="wsHttpBinding_Calculator">
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    

    The following code example specifies that the <wsHttpBinding>, message security, and secure sessions are used to secure the secureCalculator service.

    // C#
    WSHttpBinding myBinding = new WSHttpBinding();
    myBinding.Security.Mode = SecurityMode.Message;
    myBinding.Security.Message.ClientCredentialType =
        MessageCredentialType.Windows;
    
    // Create the Type instances for later use and the URI for
    // the base address.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new
        Uri("http://localhost:8036/serviceModelSamples/");
    
    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost =
        new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint
        (contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
    
    ' Visual Basic
    Dim myBinding As New WSHttpBinding()
    myBinding.Security.Mode = SecurityMode.Message
    myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows
    
    ' Create the Type instances for later use and the URI for 
    ' the base address.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")
    
    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()
    

    Note

    Secure sessions for the <wsHttpBinding> can be turned off by setting the establishSecurityContext attribute to false. For the other system-provided bindings, secure sessions can only be turned off by creating a custom binding.

To specify that a service uses secure sessions by using a custom binding

  • Create a custom binding that specifies that SOAP messages are protected by a secure session.

    For more information about creating a custom binding, see How to: Customize a System-Provided Binding.

    The following code example uses configuration to specify a custom binding that sends messages using a secure session.

    <bindings>
      <!-- configure a custom binding -->
      <customBinding>
        <binding name="customBinding_Calculator">
          <!-- the bootstrap element is a child of <security>, not a sibling of it -->
          <security authenticationMode="SecureConversation">
            <secureConversationBootstrap authenticationMode="SspiNegotiated" />
          </security>
          <textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8"/>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    

    The following code example creates a custom binding that uses the MutualCertificate authentication mode to bootstrap a secure session.

    // C#
    SecurityBindingElement security = SecurityBindingElement.CreateMutualCertificateBindingElement();
    
    // Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, true);
    
    // Specify whether derived keys are required.
    security.SetKeyDerivation(true);
    
    // Create the custom binding.
    CustomBinding myBinding = new CustomBinding(security, new HttpTransportBindingElement());
    
    // Create the Type instances for later use and the URI for
    // the base address.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new
        Uri("http://localhost:8036/serviceModelSamples/");
    
    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost =
        new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint
        (contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
    
    ' Visual Basic
    Dim security As SecurityBindingElement = SecurityBindingElement.CreateMutualCertificateBindingElement()
    
    ' Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, True)
    
    ' Specify whether derived keys are required.
    security.SetKeyDerivation(True)
    
    ' Create the custom binding.
    Dim myBinding As New CustomBinding(security, New HttpTransportBindingElement())
    
    ' Create the Type instances for later use and the URI for 
    ' the base address.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")
    
    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()
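    As an added check, not code from the original page or from WCF's own samples: the following C# program builds each binding discussed on this page (wsHttpBinding with and without establishSecurityContext, basicHttpBinding with message security, and the MutualCertificate-bootstrapped custom binding from the previous section) and inspects its binding-element stack to tell whether messages will actually be protected by a secure-session (SCT) key. It does not need the page's ICalculator/Calculator types, since only the bindings are examined; the helper name UsesSecureSession is this example's own.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Added example, not from the original page: decide from a binding's element
// stack whether it negotiates a secure session (WS-SecureConversation token).
static class SecureSessionCheck
{
    // True when the binding's security element protects messages with a
    // SecureConversation token, i.e. a session key is negotiated once, cached
    // on both sides, and later referenced only by its identifier.
    public static bool UsesSecureSession(Binding binding)
    {
        SecurityBindingElement security =
            binding.CreateBindingElements().Find<SecurityBindingElement>();
        if (security == null)
            return false;   // no message security at all (None or transport-only)

        var symmetric = security as SymmetricSecurityBindingElement;
        if (symmetric == null)
            return false;   // asymmetric element (e.g. basicHttpBinding message security): no session

        return symmetric.ProtectionTokenParameters
               is SecureConversationSecurityTokenParameters;
    }

    static void Main()
    {
        // System-provided binding with message security: secure session on by default.
        var ws = new WSHttpBinding(SecurityMode.Message);
        ws.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        Console.WriteLine("wsHttpBinding (default): " + UsesSecureSession(ws));

        // Same binding with establishSecurityContext="false": credentials are
        // negotiated per message and no session key is cached.
        ws.Security.Message.EstablishSecurityContext = false;
        Console.WriteLine("wsHttpBinding, EstablishSecurityContext=false: " + UsesSecureSession(ws));

        // basicHttpBinding never uses a secure session, even in Message mode.
        var basic = new BasicHttpBinding(BasicHttpSecurityMode.Message);
        basic.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
        Console.WriteLine("basicHttpBinding (Message): " + UsesSecureSession(basic));

        // Custom binding built as on this page: MutualCertificate bootstrap plus secure conversation.
        SecurityBindingElement bootstrap = SecurityBindingElement.CreateMutualCertificateBindingElement();
        SecurityBindingElement session =
            SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, true);
        var custom = new CustomBinding(session, new HttpTransportBindingElement());
        Console.WriteLine("customBinding (SecureConversation): " + UsesSecureSession(custom));
    }
}
```

    Running this is a quick way to confirm, before deployment, that a binding taken from configuration really caches a session key rather than re-authenticating on every call.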
    

See also