的网络服务安全

1、WSE 3.0 的网络效力平安 内容提要背景引见ASPNETWSE ( Web Services Enhancements )WCF ( Windows Communication Foundation )WSE 3.0 运用较为广泛的功能块SecurityPolicyDiagnosticsTools从 WSE 到 WCF互操作性 Interoperability转换 Migration 背景引见 - 攀爬Web Services的阶梯ASP.NETWSEWCFASP.NET网络效力网络根底运用软件层传输层Connected ApplicationsManagementBusinessProc

2、essSecurityMessagingXMLMetadataTCPCustomReliabilityTransactions.NET v2.0 平台网络效力与WS-I Basic Profile兼容定义WebServiceBinding attributeWebServiceBinding(ConformsTo=WsiProfiles.BasicProfile1_1, EmitConformanceClaims=true)WebService(Namespace=Microsoft.TechEdChina.WebServices)public class BPConformance_asmx

3、 WebMethod public string HelloWorldBP() string message = Hello World from a Basic Profile compliant (BP-compliant) Web Service.;return message; Web Services Enhancements (WSE) 网络根底运用软件层传输层Connected ApplicationsManagementBusinessProcessSecurityReliabilityTransactionsMessagingXMLMetadataTCPCustomWSE 3

4、.0网络效力建立在.NET平台上定义Policy attributeWebService(Namespace=Microsoft.TechEdChina.WebServices)Microsoft.Web.Services3.Policy(“MyServerPolicy)public class WSE_asmx WebMethod public string HelloWorld () return “Hello World!; WCF网络效力网络根底运用软件层传输层Connected ApplicationsSecurityReliabilityTransactionsMessagingX

5、MLMetadataTCPCustomManagementBusiness ProcessWCF Web Services全新的 Web Service 界面ServiceContract, OperationContract attributesServiceContractPublic interface IHelloService OperationContractstring Hello();public class HelloService : IHelloService public string Hello () return “Hello; 为什么会有WSE?根本的 ASPNE

6、T 无法满足工业界对网络平安越来越多的需求WCF 又需求有较长的时间来完成, 至今仍未正式发行WS-* 通讯协议也需求有一个微软产品来支持WSE 就这样诞生了2003年2月WSE1.0 2005年11月2004年7月时间WSE2.0WSE3.0WSE 3.0 平安 (Security)WSE = Security所支持的平安令牌Username x. 509 Certificate Kerberos tokenSecurityContextToken DerivedKeyTokenIssued Token ( SAML )Custom TokenWSE 3.0 -平安 (Security)WS

7、E 所支持的最常见的网络平安实例:UsernameForCertificate AnonymousForCertificate UsernameOverTransportKerberos (Windows)MutualCertificate10 andMutualCertificate11生活实例-客户端的U/P+效力器的CertApplication ServerInternetIntranet验证 username/ Password用server certificate来维护由用户提供的symmetric key,然后再用这symmetric key来维护request用先前的symme

8、tric key来维护responseUsername/Password 用于身份验证 演示-客户端的U/P+效力器的CertWSE 3.0 Policy Assertion: UsernameForCertificate WSE 3.0 - PolicyPolicy 定义了一系列Policy AssertionsInput Soap MessageTracingSecurityCustomTraci ngSecurityCustom运转用户定义的程序OutputSoap Message每个Policy assertion 改动传输的信息 and an output PipelinePolic

9、y文件是用于定义网络平安的 演示- Policy Wizard如何用policy Wizard工具轻松地将网络平安参与到一个简单的ASMX Web Service中WSE 3.0 - Diagnostics如何看到最终被传输的信息:出错后如何看到 stack trace:WSE 3.0 工具(Tools)与 Visual Studio 2005 严密结合Add Web Reference/Update Web ReferenceWSE Settings button单独的工具(Standalone Tools)WseWsdl3.exeWseConfigEditor3.exeX509Certif

10、icate3.exe从 WSE 3.0 到 WCF - Interop怎样的WSE 3.0 App才容易和WCF相互操作呢?用容易与WCF相互操作的ASMX Services:简单的 schemas与Basic Profile兼容的SOAP 1.1用WSE所支持的policy assertionsHttp比TCP容易尽量不要用:rpc/encodedSOAP Extensions与WSE 3.0 interop的WCF bindingCustomBinding with WSS 1.0 可与 WSE 3.0 UsernameOverTransport, MutualCertificate10

11、InteropWSE 3.0 turnkey Policy Security AssertionsWCF custom binding Security ConfigurationUsernameOverTransportsecurity messageSecurityVersion=“WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10” authenticationMode=“UsernameOverTransport”MutualCer

12、tificate10security messageSecurityVersion=“WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10” authenticationMode=“MutualCertificate”与WSE 3.0 interop的WCF bindingCustomBinding with default security version 可与 WSE 3.0 其他的 Policy Security Assertions

13、InteropWSE 3.0 Turnkey Policy Security AssertionsWCF customBinding Security ConfigurationUsernameForCertificateAnonymousForCertificateKerberosMutualCertificate11演示- Interop客户端: WSE 3.0效力器: WCFAnonymousForCertificate从 WSE 3.0 到 WCF - Migration可将WSE policy assertions 对应到 WCF binding 演示- Migration客户端:

14、WSE policy file WCF binding效力器: WSE policy file WCF bindingAnonymousForCertificate从 WSE 3.0 到 WCF - MTOMMTOM ( Message Transmission Optimization Mechanism ) 是一种传输附件的方式. 它便利, 高效，已为业界广泛地运用。WSE: MTOM 只是一个Config switch WCF: MTOM是binding的一部分从 WSE 3.0 到 WCF Secure ConversationSecure Conversation是一种加快传输平安信

15、息的手段. 它主要是采用了Symmetric Key技术，对传送多条信息极为有利。WSE: SC是policy的一个attribute WCF: SC是binding的一个attribute从 WSE 3.0 到 WCF Custom Policy AssertionWSE:Custom Policy Assertion是Policy Extension WCF: custom binding element从 WSE 3.0 到 WCF Custom Security TokenWSE: Security Token ManagerseviceCredentials credentials

16、= new CustomCredetials();Host.Description.Behaviors.Remove(typeof(ServiceCredentials);Host.Description.Behaviors.Add(credentials); WCF: ServiceCredential / ClientCredential总结ASPNET为您奠定了Xml Web Services的根底; WSE 3.0为您提供了Secure Web Services良好的开端; WCF将最终协助您实现高效,便利及可靠的全新的Web Services在去年年底发行的WSE3.0, 有以下几个主要功能:SecurityPolicyDiagnosticsTools假设您已采用了WSE 3.0来协助提高您的网络平安, 那么它将与即将发行的WCF兼容 ( interop ) 假设您想在WCF发行后, 由WSE 3.0上升至WCF, 那么您也将很轻松地完成这个义务相关链接在此次大会期间您想更深化地了解W