About WCF security
(I found some specifications in the book which said that a service certificate can be used to negotiate a symmetric key for message encryption and signing when negotiation is enabled, but if negotiation is disabled, the client must reference the certificate in the store or include the BASE64-encoded public key. This raises another question, as below.)
When negotiation is disabled, the service certificate will definitely be used for encrypting the message, because the client knows the public key, but which one will be used for message signing?
When transport security is enabled and the service certificate is also specified, it said that the certificate will be used to negotiate an SSL session key for message signing and encryption; it applies to all the bindings, such as HTTP, TCP, etc.
When we are using Windows client credentials, which one will be used for message encryption and signing?
Thanks.
If you choose to authenticate the client, you can choose between Windows credentials, username, certificate or SAML token. If Windows auth is not available, you need some other mechanism.
As for the other questions, please be more specific. In general, the client will generate a temporary key (session key) which will be used to encrypt the message. The server certificate will encrypt the session key.
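A client-side configuration for the case the question describes (negotiation disabled, so the service certificate has to be known to the client in advance), as an added example that is not part of the original posts. The endpoint address, contract name, binding name, subject name and the Base64 value are placeholders, and the username client credential type is an assumption chosen for illustration.

```xml
<!-- Added example: client app.config for message security without
     service credential negotiation. All names and values are placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="noNegotiation">
          <security mode="Message">
            <!-- negotiateServiceCredential="false": the client does not fetch
                 the service certificate during a handshake, so it must
                 already have it (see the identity element below). -->
            <message clientCredentialType="UserName"
                     negotiateServiceCredential="false"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://service.example.test/ExampleService.svc"
                binding="wsHttpBinding"
                bindingConfiguration="noNegotiation"
                contract="IExampleService">
        <identity>
          <!-- Option 1: reference the service certificate in a local store. -->
          <certificateReference storeLocation="CurrentUser"
                                storeName="TrustedPeople"
                                x509FindType="FindBySubjectName"
                                findValue="PLACEHOLDER-SERVICE-SUBJECT" />
          <!-- Option 2 (use instead of option 1): embed the certificate
               as Base64 text.
          <certificate encodedValue="PLACEHOLDER_BASE64_CERTIFICATE" />
          -->
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```

The two options under the identity element correspond to the two choices named in the question: a certificate looked up in the store, or the Base64-encoded certificate carried in the configuration.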