我在服务和客户端之间使用WCF(Windows服务自助主机)netTCP。这就是自定义绑定的样子
<binding name="netTcpWindowMessageSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="infinite" enabled="false" />
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
我唯一要做的就是将当前(已登录)Windows用户(在客户端上)映射到我的服务中的用户。
我了解服务和客户端之间的通信将被加密,但是会使用Kerberos吗?我怎么知道?是什么决定了是否使用它?
编辑 :
我可以在Evenlog>安全性中看到此内容
Logon Type: 5
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x310
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
通过遵循Erik Funkenbusch的建议,我确保了通信的安全性。这是我不得不改变的
<security mode="Transport">
<transport protectionLevel="EncryptAndSign" clientCredentialType="Windows"></transport>
</security>
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句