How to: Create a Secure Session
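With the exception of the basicHttpBinding element binding, the system-provided bindings in Windows Communication Foundation (WCF) automatically use secure sessions when message security is enabled.
By default, secure sessions do not survive a Web server that is recycled. When a secure session is established, the client and the service cache the key that is associated with the secure session. As messages are exchanged, only an identifier for the cached key is exchanged. If the Web server is recycled, the cache is recycled too, so the Web server can no longer retrieve the cached key for the identifier. If this happens, an exception is thrown back to the client. Secure sessions that use a stateful security context token (SCT) can survive a Web server being recycled. For more information about using stateful SCTs in a secure session, see How to: Create a Security Context Token for a Secure Session.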
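To specify that a service uses secure sessions by using one of the system-provided bindings
Configure the service to use a system-provided binding that supports message security.
With the exception of the basicHttpBinding element binding, WCF automatically uses secure sessions when a system-provided binding is configured to use message security. The following table lists the system-provided bindings that support message security and whether message security is the default security mechanism.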
System-provided binding    Configuration element    Message security on by default
No
Yes
Yes
Yes
No
No
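The following code example uses configuration to specify a binding named wsHttpBinding_Calculator that uses the wsHttpBinding element, message security, and secure sessions.

    <bindings>
      <!-- Configuration element names are case-sensitive: wsHttpBinding. -->
      <wsHttpBinding>
        <binding name="wsHttpBinding_Calculator">
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>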
The following code example specifies that the wsHttpBinding element, message security, and secure sessions are used to secure the secureCalculator service.

    Imports System
    Imports System.ServiceModel

    Dim myBinding As New WSHttpBinding()
    myBinding.Security.Mode = SecurityMode.Message
    myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows

    ' Create the Type instances for later use and the URI for
    ' the base address. With message security the binding uses the
    ' HTTP transport, so the base address must use the http scheme.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")

    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()

    using System;
    using System.ServiceModel;

    WSHttpBinding myBinding = new WSHttpBinding();
    myBinding.Security.Mode = SecurityMode.Message;
    myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

    // Create the Type instances for later use and the URI for
    // the base address. With message security the binding uses the
    // HTTP transport, so the base address must use the http scheme.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new Uri("http://localhost:8036/serviceModelSamples/");

    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost = new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
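Note: Set the establishSecurityContext attribute to false to turn off secure sessions for the wsHttpBinding element. For the other system-provided bindings, secure sessions can be turned off only by creating a custom binding.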
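To specify that a service uses secure sessions by using a custom binding
Create a custom binding that specifies that SOAP messages are protected by a secure session.
For more information about creating a custom binding, see How to: Customize a System-Provided Binding.
The following code example uses configuration to specify a custom binding that sends messages using a secure session.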

    <bindings>
      <!-- configure a custom binding -->
      <customBinding>
        <binding name="customBinding_Calculator">
          <!-- secureConversationBootstrap is a child of the security element -->
          <security authenticationMode="SecureConversation">
            <secureConversationBootstrap authenticationMode="SspiNegotiated" />
          </security>
          <textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8"/>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>

The following code example creates a custom binding that uses the MutualCertificate authentication mode to bootstrap a secure session.

    Imports System
    Imports System.ServiceModel
    Imports System.ServiceModel.Channels

    Dim security As SecurityBindingElement = SecurityBindingElement.CreateMutualCertificateBindingElement()

    ' Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, True)

    ' Specify whether derived keys are required.
    security.SetKeyDerivation(True)

    ' Create the custom binding.
    Dim myBinding As New CustomBinding(security, New HttpTransportBindingElement())

    ' Create the Type instances for later use and the URI for
    ' the base address. HttpTransportBindingElement listens on the
    ' http scheme, so the base address must use http.
    Dim contractType As Type = GetType(ICalculator)
    Dim serviceType As Type = GetType(Calculator)
    Dim baseAddress As New Uri("http://localhost:8036/serviceModelSamples/")

    ' Create the ServiceHost and add an endpoint, then start
    ' the service.
    Dim myServiceHost As New ServiceHost(serviceType, baseAddress)
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator")
    myServiceHost.Open()

    using System;
    using System.ServiceModel;
    using System.ServiceModel.Channels;

    SecurityBindingElement security = SecurityBindingElement.CreateMutualCertificateBindingElement();

    // Use a secure session.
    security = SecurityBindingElement.CreateSecureConversationBindingElement(security, true);

    // Specify whether derived keys are required.
    security.SetKeyDerivation(true);

    // Create the custom binding.
    CustomBinding myBinding = new CustomBinding(security, new HttpTransportBindingElement());

    // Create the Type instances for later use and the URI for
    // the base address. HttpTransportBindingElement listens on the
    // http scheme, so the base address must use http.
    Type contractType = typeof(ICalculator);
    Type serviceType = typeof(Calculator);
    Uri baseAddress = new Uri("http://localhost:8036/serviceModelSamples/");

    // Create the ServiceHost and add an endpoint, then start
    // the service.
    ServiceHost myServiceHost = new ServiceHost(serviceType, baseAddress);
    myServiceHost.AddServiceEndpoint(contractType, myBinding, "secureCalculator");
    myServiceHost.Open();
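
The following is an added example, not part of the original page or its samples: a small audit helper that reports whether a message-security binding establishes a secure session, and whether that session keeps its key in the server cache (lost when the Web server is recycled) or uses a stateful SCT. It assumes a .NET Framework project that references System.ServiceModel, the names SecureSessionAudit, FindSession and Describe are hypothetical, and it inspects only message-level (symmetric) security elements.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

static class SecureSessionAudit   // hypothetical name, example code only
{
    // Returns the secure-conversation token parameters of a binding, or null
    // when its message-level security element does not establish a session.
    static SecureConversationSecurityTokenParameters FindSession(Binding binding)
    {
        SecurityBindingElement security =
            binding.CreateBindingElements().Find<SecurityBindingElement>();
        var symmetric = security as SymmetricSecurityBindingElement;
        if (symmetric == null) return null;
        return symmetric.ProtectionTokenParameters
            as SecureConversationSecurityTokenParameters;
    }

    static string Describe(Binding binding)
    {
        var sct = FindSession(binding);
        if (sct == null) return "no secure session";
        // RequireCancellation = true:  session key is cached on the server.
        // RequireCancellation = false: stateful SCT that carries the session state.
        return sct.RequireCancellation
            ? "secure session, server-cached key (does not survive a recycle)"
            : "secure session, stateful SCT";
    }

    static void Main()
    {
        var withSession = new WSHttpBinding(SecurityMode.Message);

        var withoutSession = new WSHttpBinding(SecurityMode.Message);
        withoutSession.Security.Message.EstablishSecurityContext = false;

        SecurityBindingElement bootstrap =
            SecurityBindingElement.CreateMutualCertificateBindingElement();
        var stateful = new CustomBinding(
            SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap, false),
            new HttpTransportBindingElement());

        Console.WriteLine("wsHttpBinding, defaults:       " + Describe(withSession));
        Console.WriteLine("wsHttpBinding, session off:    " + Describe(withoutSession));
        Console.WriteLine("customBinding, no cancellation: " + Describe(stateful));
    }
}
```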