0

selfhost でホストされている WCF サービスを取得し、TCP 経由で winform クライアントと通信します。これは、証明書 (イントラネットのトランスポート) を設定するための正しい方法ですか? 通信が確実に暗号化されていることを確認するにはどうすればよいですか?

サービス

<behavior name="MyAppClientService.Certificate_Behavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceMetadata httpGetEnabled="true"/>
          <customBehaviorExtension_ClientService/>
          <serviceThrottling maxConcurrentCalls="2000" maxConcurrentSessions="2147483647" maxConcurrentInstances="2000"/>
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyApp.ServiceImplementation.CustomUsernamePasswordValidator, MyApp.ServiceImplementation"/>
            <serviceCertificate findValue="MyAppServer"
                  storeLocation="CurrentUser"
                  storeName="TrustedPeople"
                  x509FindType="FindBySubjectName" />
          </serviceCredentials>
          <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="MyApp.ServiceImplementation.CustomServiceAuthorizationManager, MyApp.ServiceImplementation">
            <authorizationPolicies>
              <add policyType="MyApp.ServiceImplementation.CustomAuthorizationPolicy_ClientService, MyApp.ServiceImplementation"/>
            </authorizationPolicies>
          </serviceAuthorization>
        </behavior>


<services>
      <service behaviorConfiguration="MyAppClientService.Certificate_Behavior" name="MyApp.ServiceImplementation.MyAppClientService">
        <endpoint binding="netTcpBinding" bindingConfiguration="netTcpCertificate" behaviorConfiguration="protoEndpointBehavior" bindingNamespace="http://MyApp.ServiceContracts/2007/11" contract="MyApp.ServiceContracts.IMyAppClientService" address="Sll"/>
        <!-- No need for MEX for this service -->
        <!--<endpoint address="httpMex" binding="mexHttpBinding" contract="IMetadataExchange"/>-->
        <!--<endpoint address="tcpMex" binding="mexTcpBinding" contract="IMetadataExchange"/>-->
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://localhost:8035/MyApp5Service/Client/"/>
            <add baseAddress="http://localhost:8002/MyApp5Service/Client"/>
          </baseAddresses>
        </host>

      </service>


<bindings>
      <netTcpBinding>
        <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </netTcpBinding>
    </bindings>

クライアント

<behaviors>
      <endpointBehaviors>
        <behavior name="protoCertificateEndpointBehavior">
          <clientCredentials>
            <clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </serviceCertificate>
          </clientCredentials>
          <CustomMessageInspector/>
          <protobuf/>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <client>
          <endpoint address="net.tcp://localhost:8035/MyApp5Service/Client/Sll" behaviorConfiguration="protoCertificateEndpointBehavior" binding="netTcpBinding" bindingConfiguration="netTcpCertificate" contract="MyApp.ServiceContracts.IMyAppClientService" name="SelfHostProtoCert_RegularLogin">
            <identity>
              <dns value="MyAppServer" />
            </identity>
          </endpoint>
        </client>


        <bindings>
              <netTcpBinding>
                <!-- http://msdn.microsoft.com/en-us/library/ff648863.aspx -->
                <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
                  <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
                  <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
                  <security mode="Transport">
                    <transport clientCredentialType="Certificate"/>
                    <message clientCredentialType="Certificate"/>
                  </security>
                </binding>
              </netTcpBinding>
            </bindings>
4

1 に答える 1

0

構成は一見良さそうです。しかし、ここで、トラフィックが実際に暗号化されていることを確認する方法について別の質問があります。ネットワークモニターを試してtcpトラフィックをキャプチャできると思います。SSLトラフィックを復号化するためのツールがいくつかあります。

于 2013-02-27T10:54:38.000 に答える