ASP.NET WSE Web Services Enhancements WCF Windows Communication
Outline
  Background: ASP.NET, WSE (Web Services Enhancements), WCF (Windows Communication Foundation)
  Widely used WSE 3.0 feature areas: Security, Policy, Diagnostics, Tools
  From WSE to WCF: Interoperability, Migration

Background - Climbing the Web Services Ladder
  WCF
  WSE
  ASP.NET

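ASP.NET Web Services
  [Diagram: web services stack. Labels: Security, Management, Reliability, Business Process, Transactions, Metadata, Connected Applications, Messaging, XML. Layers: application software layer, network foundation, network, transport layer (HTTP, TCP, Custom, …).]
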
.NET v2.0 Platform Web Services
  Compatible with the WS-I Basic Profile
  Define the WebServiceBinding attribute

    [WebServiceBinding(ConformsTo=WsiProfiles.BasicProfile1_1, EmitConformanceClaims=true)]
    [WebService(Namespace="Microsoft.TechEd.China.WebServices")]
    public class BPConformance_asmx
    {
        [WebMethod]
        public string HelloWorldBP()
        {
            string message = "'Hello World' from a Basic Profile compliant (BP-compliant) Web Service.";
            return message;
        }
    }

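Web Services Enhancements (WSE)
  [Diagram: web services stack. Labels: Security, Management, Reliability, Business Process, Transactions, Metadata, Connected Applications, Messaging, XML. Layers: application software layer, network foundation, network, transport layer (HTTP, TCP, Custom, …).]
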
WSE 3.0 Web Services
  Built on the .NET platform
  Define the Policy attribute

    [WebService(Namespace="Microsoft.TechEd.China.WebServices")]
    [Microsoft.Web.Services3.Policy("MyServerPolicy")]
    public class WSE_asmx
    {
        [WebMethod]
        public string HelloWorld()
        {
            return "Hello World!";
        }
    }

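WCF Web Services
  [Diagram: web services stack. Labels: Security, Management, Reliability, Business Process, Transactions, Metadata, Connected Applications, Messaging, XML. Layers: application software layer, network foundation, network, transport layer (HTTP, TCP, Custom, …).]
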
WCF Web Services
  A brand-new Web Service interface
  ServiceContract and OperationContract attributes

    [ServiceContract]
    public interface IHelloService
    {
        [OperationContract]
        string Hello();
    }

    public class HelloService : IHelloService
    {
        public string Hello()
        {
            return "Hello";
        }
    }

WSE 3.0 – Security
  WSE = Security
  Supported security tokens:
    Username
    X.509 Certificate
    Kerberos token
    SecurityContextToken
    DerivedKeyToken
    Issued Token (SAML)
    Custom Token

WSE 3.0 - Security
  The most common web security scenarios supported by WSE:
    UsernameForCertificate
    AnonymousForCertificate
    UsernameOverTransport
    Kerberos (Windows)
    MutualCertificate10 and MutualCertificate11

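Real-life example - client U/P + server Cert
  [Diagram labels: Internet, Intranet, Application Server]
  The username/password is used for authentication.
  The server certificate protects the symmetric key supplied by the user, and that symmetric key then protects the request.
  The same symmetric key protects the response.
  The application server validates the username/password.
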
Demo - client U/P + server Cert
  WSE 3.0 Policy Assertion: UsernameForCertificate

WSE 3.0 - Policy
  Each policy assertion changes the message being transmitted.
  A policy defines a series of policy assertions.
  A custom assertion runs user-defined code.
  [Diagram: a pipeline for the input SOAP message and an output pipeline for the output SOAP message, each with Tracing, Security and Custom stages.]

The policy file is used to define web service security

    <anonymousForCertificateSecurity establishSecurityContext="false" …
        messageProtectionOrder="SignBeforeEncrypt"
        requireDerivedKeys="true" ttlInSeconds="300">
      <serviceToken>
        <x509 …/>
      </serviceToken>
      <protection>
        <request signatureOptions="…" encryptBody="true" />
        <response signatureOptions="…" encryptBody="true" />
        <fault signatureOptions="…" encryptBody="false" />
      </protection>
    </anonymousForCertificateSecurity>

Demo - Policy Wizard
  How to use the Policy Wizard tool to easily add security to a simple ASMX Web Service

WSE 3.0 - Diagnostics
  How to see the messages that are finally transmitted:

    <diagnostics>
      <trace enabled="true" input="in.xml" output="out.xml" />
    </diagnostics>

  How to see the stack trace after an error:

    <diagnostics>
      <stackTrace enabled="true" />
    </diagnostics>

WSE 3.0 – Tools
  Tightly integrated with Visual Studio 2005:
    Add Web Reference/Update Web Reference
    WSE Settings button
  Standalone tools:
    WseWsdl3.exe
    WseConfigEditor3.exe
    X509Certificate3.exe

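From WSE 3.0 to WCF - Interop
  What kind of WSE 3.0 app interoperates easily with WCF?
  Use ASMX services that interoperate easily with WCF:
    Simple schemas
    Basic Profile-compatible SOAP 1.1
  Use the policy assertions that WSE supports
  HTTP is easier than TCP
  Avoid where possible:
    rpc/encoded
    SOAP Extensions
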
WCF bindings that interop with WSE 3.0
  CustomBinding with WSS 1.0 interoperates with WSE 3.0 UsernameOverTransport and MutualCertificate10.

  UsernameOverTransport
    WSE 3.0 turnkey policy security assertion:

      <usernameOverTransportSecurity />

    WCF custom binding security configuration:

      <security messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                authenticationMode="UserNameOverTransport" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

  MutualCertificate10
    WSE 3.0 turnkey policy security assertion:

      <mutualCertificate10 />

    WCF custom binding security configuration:

      <security messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                authenticationMode="MutualCertificate" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

WCF bindings that interop with WSE 3.0
  CustomBinding with the default security version interoperates with the remaining WSE 3.0 policy security assertions.

  UsernameForCertificate
    WSE 3.0 turnkey policy security assertion:

      <usernameForCertificate />

    WCF customBinding security configuration:

      <security authenticationMode="UserNameForCertificate" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

  AnonymousForCertificate
    WSE 3.0 turnkey policy security assertion:

      <anonymousForCertificate />

    WCF customBinding security configuration:

      <security authenticationMode="AnonymousForCertificate" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

  Kerberos
    WSE 3.0 turnkey policy security assertion:

      <kerberos />

    WCF customBinding security configuration:

      <security authenticationMode="Kerberos" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

  MutualCertificate11
    WSE 3.0 turnkey policy security assertion:

      <mutualCertificate11 />

    WCF customBinding security configuration:

      <security authenticationMode="MutualCertificate" />
      <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />

Demo - Interop
  Client: WSE 3.0
  Server: WCF
  AnonymousForCertificate

From WSE 3.0 to WCF - Migration
  WSE policy assertions can be mapped to WCF bindings.

    <policies>
      <policy name="MyPolicy">
        <usernameForCertificate protectionOrder="SignBeforeEncrypt" deriveKeys="true" />
      </policy>
    </policies>

    <customBinding>
      <binding name="MyBinding">
        <security authenticationMode="UserNameForCertificate"
                  messageProtectionOrder="SignBeforeEncrypt"
                  requireDerivedKeys="true" />
      </binding>
    </customBinding>

Demo - Migration
  Client: WSE policy file
  Server: WSE policy file
  AnonymousForCertificate
  WCF binding

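The assertion-to-binding mapping from the interop and migration slides above, applied mechanically to a WSE policy file. This is an added example, not code from the original deck or from Microsoft; the function names and the sample policy are constructed, and it generalizes the single mapping on the migration slide to all six turnkey assertions, accepting assertion elements with or without the `Security` suffix and flagging anything it cannot map.

```python
import xml.etree.ElementTree as ET

# WSE 3.0 turnkey assertion -> WCF authenticationMode (WCF spells it "UserName...").
AUTH_MODE = {
    "usernameForCertificate": "UserNameForCertificate", "kerberos": "Kerberos",
    "anonymousForCertificate": "AnonymousForCertificate",
    "usernameOverTransport": "UserNameOverTransport",
    "mutualCertificate10": "MutualCertificate", "mutualCertificate11": "MutualCertificate",
}
# The slides pair these two assertions with the WSS 1.0 message security version.
WSS10 = {"usernameOverTransport", "mutualCertificate10"}
WSS10_VERSION = ("WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005"
                 "WSSecurityPolicy11BasicSecurityProfile10")

def local(tag):
    """Element name without an XML namespace or WSE's 'Security' suffix."""
    name = tag.rsplit("}", 1)[-1]
    return name[:-len("Security")] if name.endswith("Security") else name

def wse_policy_to_wcf(policy_xml):
    """Map each WSE <policy> to a WCF <binding>; return (config_xml, warnings)."""
    custom, warnings = ET.Element("customBinding"), []
    for policy in (e for e in ET.fromstring(policy_xml).iter() if local(e.tag) == "policy"):
        name = policy.get("name", "")
        binding = ET.SubElement(custom, "binding", name=name)
        for assertion in policy:
            key = local(assertion.tag)
            if key not in AUTH_MODE:
                warnings.append(f"{name}: <{key}> has no turnkey mapping, port it by hand")
                continue
            sec = ET.SubElement(binding, "security", authenticationMode=AUTH_MODE[key])
            if key in WSS10:
                sec.set("messageSecurityVersion", WSS10_VERSION)
            for attr in ("messageProtectionOrder", "requireDerivedKeys"):
                if assertion.get(attr) is not None:  # same attribute name on both sides
                    sec.set(attr, assertion.get(attr))
            if assertion.get("establishSecurityContext") == "true":
                warnings.append(f"{name}: secure conversation is on, enable it in WCF too")
        ET.SubElement(binding, "textMessageEncoding", messageVersion="Soap12WSAddressingAugust2004")
    return ET.tostring(custom, encoding="unicode"), warnings

# Constructed sample policy file (not from the slides).
SAMPLE = """<policies>
  <policy name="MyPolicy"><usernameForCertificateSecurity establishSecurityContext="true"
      messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" /></policy>
  <policy name="Legacy"><usernameOverTransportSecurity /><myAssertion /></policy>
</policies>"""
print(*wse_policy_to_wcf(SAMPLE), sep="\n")
```
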
From WSE 3.0 to WCF - MTOM
  MTOM (Message Transmission Optimization Mechanism) is a way of transmitting attachments. It is convenient and efficient, and is already widely used in the industry.
  WSE: MTOM is just a config switch

    <messaging>
      <mtom clientMode="On" serverMode="optional" />
    </messaging>

  WCF: MTOM is part of the binding

    <binding name="MyBinding">
      <mtomMessageEncoding />
    </binding>

From WSE 3.0 to WCF – Secure Conversation
  Secure Conversation is a means of speeding up the transmission of secured messages. It relies mainly on symmetric-key technology and is highly advantageous when multiple messages are exchanged.
  WSE: SC is an attribute of the policy

    <policies>
      <policy name="MyPolicy">
        <usernameForCertificate establishSecurityContext="true" />
      </policy>
    </policies>

  WCF: SC is an attribute of the binding

    <binding name="MyBinding">
      <security mode="Message">
        <message establishSecurityContext="true" />
      </security>
    </binding>

From WSE 3.0 to WCF – Custom Policy Assertion
  WSE: a custom policy assertion is a policy extension

    <policies>
      <extensions>
        <extension name="MyAssertion" type="MyType, MyDLL" />
      </extensions>
      <policy name="myServerPolicy">
        <MyAssertion>…</MyAssertion>
      </policy>
    </policies>

  WCF: custom binding element

    <bindingElementExtensions>
      <add name="MyEncoder" type="MyType, MyDLL" />
    </bindingElementExtensions>
    <binding name="MyBinding">
      <myMessageEncoding>…</myMessageEncoding>
    </binding>

From WSE 3.0 to WCF – Custom Security Token
  WSE: Security Token Manager

    <security>
      <securityTokenManagers>
        <add tokenType=".." type="MyToken, MyDLL" />
      </securityTokenManagers>
    </security>

  WCF: ServiceCredentials / ClientCredentials

    // Replace the default service credentials with the custom implementation
    ServiceCredentials credentials = new CustomCredentials();
    …
    host.Description.Behaviors.Remove(typeof(ServiceCredentials));
    host.Description.Behaviors.Add(credentials);

Related links
  During this conference
    Want to learn more about WCF? Want a close-up look at the soon-to-be-released WCF?
    You are welcome to attend the session on Windows Communication Foundation ("Indigo") (CON 210)
  After this conference
    Visit the WSE 3.0 website: http://msdn.microsoft.com/webservices/building/wse/
    Visit WSE 3.0 related blogs:
      Mark Fussell: http://blogs.msdn.com/mfussell/
      Hongmei Ge: http://blogs.msdn.com/hongmeig/default.aspx