问题
How do I convert the following wsHttpBinding to a customBinding? I need to so this so I can increase the clock skew. This is for http.
<wsHttpBinding>
<binding name="wsHttpSecurityOptions" maxReceivedMessageSize="10485760" maxBufferPoolSize="524288">
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="true" negotiateServiceCredential="true"/>
<transport clientCredentialType="Certificate" proxyCredentialType="None"/>
</security>
<readerQuotas maxStringContentLength="500000"/>
</binding>
</wsHttpBinding>
My attempt (as follows) fails with the error message "Could not find a base address that matches scheme https for the endpoint with binding CustomBinding" but I can't see how else to configure UserName Message mode security.
<customBinding>
<binding name="wsHttpSecurityOptions">
<transactionFlow />
<security authenticationMode="UserNameForSslNegotiated">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated">
<localServiceSettings maxClockSkew="00:10:00" />
</secureConversationBootstrap>
<localServiceSettings maxClockSkew="00:10:00" />
</security>
<textMessageEncoding>
<readerQuotas maxStringContentLength="500000"/>
</textMessageEncoding>
<httpsTransport maxReceivedMessageSize="10485760" maxBufferPoolSize="524288" />
</binding>
</customBinding>
回答1:
After some more searching I found a cool tool by Yaron Naveh that does the conversion which produces the following (I've added in the clock skews)
<customBinding>
<binding name="wsHttpSecurityOptions">
<transactionFlow />
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localServiceSettings maxClockSkew="00:10:00" />
</secureConversationBootstrap>
<localServiceSettings maxClockSkew="00:10:00" />
</security>
<textMessageEncoding />
<httpTransport maxBufferSize="10485760" maxReceivedMessageSize="10485760" />
</binding>
</customBinding>
Thanks again to Yaron and I wish I'd found it before asking another question which I've self answered 50mins after asking it (which is a record for me :))
回答2:
Check this solution. It creates a custom binding via code, mofifies its clock skew, and sets it as the binding to use. (source: http://sandrinodimattia.net/blog/posts/wcf-and-fixing-clienthost-time-issues-maxclockskew-quickly/)
ServiceHost service = new ServiceHost(typeof(Calculator));
Binding currentBinding = service.Description.Endpoints[0].Binding;
// Set the maximum difference in minutes
int maxDifference = 300;
// Create a custom binding based on an existing binding
CustomBinding myCustomBinding = new CustomBinding(currentBinding);
// Set the maxClockSkew
var security = myCustomBinding.Elements.Find<SymmetricSecurityBindingElement>();
security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
// Set the maxClockSkew
var secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
var bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
bootstrap.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
bootstrap.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
// Update the binding of the endpoint
service.Description.Endpoints[0].Binding = myCustomBinding;
来源:https://stackoverflow.com/questions/4217415/convert-wshttpbinding-to-custombinding