
Metro web service with SSL - Is this a secure conversation

I have the following conversation log (from WCF Trace file). It shows a WCF client calling an SSL protected Metro web service. Does the conversation have applied security? How do I know this from the logs?

Message Source: ServiceLevelSendRequest

Message Type: System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4045159+02:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"></VsDebuggerCausalityData>
        </s:Header>
        <s:Body>
            <hello xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://webService/">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message Source: TransportSend

Message Type: System.ServiceModel.Security.SecurityAppliedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4105163+02:00" Source="TransportSend" Type="System.ServiceModel.Security.SecurityAppliedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo/CE9TN8gjlFg7wGpuXg+HYAAAAAjfdEWwkubUe9Mb/DW0Kwl7kxQkfs6KtNkycVwDcjc44ACQAA</VsDebuggerCausalityData>
            <a:To s:mustUnderstand="1">https://localhost:8181/megegytest/hello</a:To>
            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <u:Timestamp u:Id="_0">
                    <u:Created>2011-09-21T23:33:06.409Z</u:Created>
                    <u:Expires>2011-09-21T23:38:06.409Z</u:Expires>
                </u:Timestamp>
            </o:Security>
        </s:Header>
        <s:Body>
            <hello xmlns="http://webService/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message Source: TransportReceive

Message Type: System.ServiceModel.Channels.BufferedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4165166+02:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

Message Source: ServiceLevelReceiveReply

Message Type: System.ServiceModel.Security.SecurityVerifiedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4245171+02:00" Source="ServiceLevelReceiveReply" Type="System.ServiceModel.Security.SecurityVerifiedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <HttpResponse>
        <StatusCode>OK</StatusCode>
        <StatusDescription>OK</StatusDescription>
        <WebHeaders>
            <Transfer-Encoding>chunked</Transfer-Encoding>
            <Content-Type>text/xml;charset=utf-8</Content-Type>
            <Date>Wed, 21 Sep 2011 23:33:06 GMT</Date>
            <Server>GlassFish Server Open Source Edition 3.1.1</Server>
            <X-Powered-By>Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Oracle Corporation/1.7)</X-Powered-By>
        </WebHeaders>
    </HttpResponse>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

WSDL:

<definitions targetNamespace="http://webService/" name="hello">
    <wsp:Policy wsu:Id="helloPortBindingPolicy">
        <sp:TransportBinding>
            <wsp:Policy>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic128/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Lax/>
                    </wsp:Policy>
                </sp:Layout>
                <sp:TransportToken>
                    <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false"/>
                    </wsp:Policy>
                </sp:TransportToken>
            </wsp:Policy>
        </sp:TransportBinding>
        <sp:Wss10/>
        <wsam:Addressing/>
    </wsp:Policy>
    <types>
        <xsd:schema>
            <xsd:import namespace="http://webService/" schemaLocation="https://localhost:8181/megegytest/hello?xsd=1"/>
        </xsd:schema>
    </types>
    <message name="hello">
        <part name="parameters" element="tns:hello"/>
    </message>
    <message name="helloResponse">
        <part name="parameters" element="tns:helloResponse"/>
    </message>
    <portType name="hello">
        <operation name="hello">
            <input wsam:Action="http://webService/hello/helloRequest" message="tns:hello"/>
            <output wsam:Action="http://webService/hello/helloResponse" message="tns:helloResponse"/>
        </operation>
    </portType>
    <binding name="helloPortBinding" type="tns:hello">
        <wsp:PolicyReference URI="#helloPortBindingPolicy"/>
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
        <operation name="hello">
            <soap:operation soapAction=""/>
            <input>
                <soap:body use="literal"/>
            </input>
            <output>
                <soap:body use="literal"/>
            </output>
        </operation>
    </binding>
    <service name="hello">
        <port name="helloPort" binding="tns:helloPortBinding">
            <soap:address location="https://localhost:8181/megegytest/hello"/>
        </port>
    </service>
</definitions>


It uses HTTPS, so it is secured. The WSDL also demands secure transport through a security policy declaring the TransportBinding element and HttpsToken. The log will not show any encryption because encryption is done at the transport level, outside of WCF's scope. If you want to see that the messages are encrypted, you must sniff traffic at the network level, for example with Wireshark. You can also use Fiddler as an HTTPS proxy to see that the client is doing HTTP CONNECT to tunnel SSL through the proxy.
