我使用IDispatchMessageInspector为此。虽然不确定这是否是一种性能最佳的方法,但它已证明工作得很好。
我的客户使用邮件头来发送其唯一的GUID。 每个GUID对应于每个客户端证书,并且这些都存储在Windows注册表中。 GUID由客户端生成(我使用UuidCreateSequential())
我将与您分享我的解决方案。这是我的服务代码:
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
IList<IIdentity> identities = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.Properties["Identities"] as IList<IIdentity>;
string clientGuid = request.Headers.GetHeader<string>("Guid", "MyNamespace");
if (clientGuid == null)
throw new FaultException("Client GUID not sent!");
Guid testGuid = Guid.Empty;
if (!Guid.TryParse(clientGuid, out testGuid))
{
throw new FaultException(string.Format("The format of the GUID '{0}' is not valid!", clientGuid));
}
IIdentity X509Identity = identities.Where(x => x.AuthenticationType == "X509").SingleOrDefault();
RegistryKey identityKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Identities");
string storedSubjectName = (string)identityKey.GetValue(clientGuid);
if (storedSubjectName == null)
{
string[] valueNames = identityKey.GetValueNames();
for (int idx = 0; idx < valueNames.Count(); idx++)
{
string testCN = (string)identityKey.GetValue(valueNames[idx]);
if (testCN == X509Identity.Name)
{
throw new FaultException(string.Format("Certificate '{0}' has already been registered!", X509Identity.Name));
}
}
identityKey.SetValue(clientGuid, X509Identity.Name, RegistryValueKind.String);
}
else
{
if (storedSubjectName != X509Identity.Name)
throw new FaultException(string.Format("Certificate '{0}' used by the user registered with the certificate '{0}'", X509Identity.Name, storedSubjectName));
}
identityKey.Close();
return null;
}
客户端上的代码:
应用程序启动时
RegistryKey guidKey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\MySoftware\\Settings");
string clientGuid = (string)guidKey.GetValue("Guid");
if (clientGuid == null)
{
clientGuid = UUID.mGetNewGUID().ToString();
guidKey.SetValue("Guid", clientGuid, RegistryValueKind.String);
}
一个辅助类独特的UUID感谢去this article
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class UUID
{
// ==========================================================
// GUID Creation
// ==========================================================
private const int RPC_S_OK = 0;
private const int RPC_S_OUT_OF_MEMORY = 14;
private const int RPC_S_UUID_NO_ADDRESS = 1739;
private const int RPC_S_UUID_LOCAL_ONLY = 1824;
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreateSequential(ref Guid guid);
[DllImport("rpcrt4.dll", SetLastError = true)]
public static extern int UuidCreate(ref Guid guid);
/// <summary>
/// Creates the machine GUID.
/// </summary>
public static Guid mGetNewGUID()
{
Guid guidMachineGUID = default(Guid);
int intReturnValue = UuidCreateSequential(ref guidMachineGUID);
switch (intReturnValue)
{
case RPC_S_OK:
return guidMachineGUID;
case RPC_S_OUT_OF_MEMORY:
throw new Exception("UuidCreate returned RPC_S_OUT_OF_MEMORY");
case RPC_S_UUID_NO_ADDRESS:
throw new Exception("UuidCreate returned RPC_S_UUID_NO_ADDRESS");
case RPC_S_UUID_LOCAL_ONLY:
throw new Exception("UuidCreate returned RPC_S_UUID_LOCAL_ONLY");
default:
throw new Exception("UuidCreate returned an unexpected value = " + intReturnValue.ToString());
}
}
}
在BeforeSendRequest的IClientMessageInspector
var guidHeader = new MessageHeader<string>(Service.ClientGuid);
var untypedGuid = guidHeader.GetUntypedHeader("Guid", "MyNamespace");
request.Headers.Add(untypedGuid);
谢谢您的回复!它看起来很有希望,但我有一个问题:GUID如何生成并存储在客户端上?是否有数据库参与? – jscheppers
@jscheppers我已更新我的回答 –
谢谢!这看起来非常好!它并不完全排除证书交换的选项,因为客户端仍然可以从注册表中提取GUID,但当然会提高吧!;) – jscheppers