1. 首页
  2. 问答
  3. WCF响应没有签名或加密

WCF响应没有签名或加密

2011-08-09 34 views
1

我主持一个WCF服务,我得到的请求,可以unsigned和uncrypted它没有custombindings的问题,但为什么我的回应不会自动siped和加密?任何一个帮助?WCF响应没有签名或加密

<customBinding> 
    <binding name="DutyTravelSOAP12Binding"> 
     <transactionFlow transactionProtocol="WSAtomicTransaction11"/> 
     <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" 
      messageVersion="Soap11" writeEncoding="utf-8"> 
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
      maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
     </textMessageEncoding> 
     <security defaultAlgorithmSuite="Basic128Rsa15" allowSerializedSigningTokenOnReply="true" 
      enableUnsecuredResponse="true" authenticationMode="MutualCertificate" 
      requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="False" 
      keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncrypt" 
      messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
      allowInsecureTransport="false"> 
     <localClientSettings detectReplays="false" maxClockSkew="00:25:00" 
      replayWindow="00:25:00" sessionKeyRolloverInterval="00:25:00" 
      timestampValidityDuration="00:25:00" /> 
     <localServiceSettings detectReplays="false" /> 
     <secureConversationBootstrap allowSerializedSigningTokenOnReply="true" requireDerivedKeys="true" 
      enableUnsecuredResponse="false" securityHeaderLayout="Lax" keyEntropyMode="CombinedEntropy" 
      includeTimestamp="False" allowInsecureTransport="false" 
      requireSignatureConfirmation="true" authenticationMode="MutualCertificate" 
      messageProtectionOrder="SignBeforeEncrypt" defaultAlgorithmSuite ="Basic128Rsa15" 
      messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> 
      <localClientSettings detectReplays="true"/> 
      <localServiceSettings detectReplays="true"/> 
     </secureConversationBootstrap> 
     </security> 
     <httpTransport manualAddressing="false" maxBufferPoolSize="524288" 
     maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous" 
     bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard" 
     keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous" 
     realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" 
     useDefaultWebProxy="true"/> 
    </binding> 
    </customBinding>

这是我的自定义绑定

来源

2011-08-09 Ali Asger

+0

我将开始与这个'enableUnsecuredResponse'设置为'FALSE'。 –

+0

完成,没有帮助.. –

+1

Btw。为什么你有这么庞大的配置,其中一半的设置有默认值或完全没有使用?您是如何发现响应不安全的? –

回答

0

的textMessageEncoding元素通常安全元素之后去...

来源

2011-08-09 15:15:09 JohnC

相关问题

 相关问题