开发者

Possible to use Kerberos Token Profile via WCF over SSL?

The examples everywhere show how to do Kerberos Token Profile 1.1 via WCF, however it uses Message security. In fact, the WCF implementation defaults to sign+encrypt. I have a requirement of using SSL, 开发者_运维知识库and instead using KTP for authentication and signing, and NOT encrypting.

If I change the mode to TransportWithMessageCredential, it no longer signs the request. Anyone know if this is possible, and ideally ahve any config? thanks


Ugg. Leave it to me to over-complicate things! I tried a bajillion combinations of settings, and eventually started widdling down to something simple.

First, here is the customBinding equivalent of wsHttpBinding, out of the box:

http://webservices20.blogspot.com/2009/04/wcf-custombinding-equivalent-to.html

From there, I started building up, and the config below ultimately did it. I have the ServiceContract attribute specify to sign-only. Then in config, the "Kerberos" mode takes care of Kerberos Token Profile, and the httpsTransport takes care of SSL! That did it! Maybe this might help someone else in the future:

<customBinding>
    <binding name="KerberosTokenProfileSignAndSslBinding">
        <security authenticationMode="Kerberos" />
        <httpsTransport />
    </binding>
<customBinding>

EDIT: I ended up writing a blog post about the details, in case anyone reading this needs them - http://robertseder.spaces.live.com/blog/cns!587F478B9240C01E!773.entry

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜