I have a custom message inspector that executes the following line of code:
    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        MessageBuffer contextPatch = request.CreateBufferedCopy(1024 * 128);
        ...
    }
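CreateBufferedCopy works fine when security is not enabled, but throws an InvalidOperationException when SSL is configured. The exception claims that the Message request object is in the "written" state. The configuration for all of this is here: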
    <serviceBehaviors>
      <behavior>
        <serviceCredentials>
          <clientCertificate>
            <authentication certificateValidationMode="PeerTrust" />
            <certificate findValue="sigtest.arbit.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </clientCertificate>
          <serviceCertificate findValue="sigtest.arbit.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        </serviceCredentials>
        <serviceDebug includeExceptionDetailInFaults="false" />
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="Failure" serviceAuthorizationAuditLevel="Failure" suppressAuditFailure="true" />
        <endToEndLogging traceKeys="CorrelationId|correlationId" createDefaultRequestValue="false" />
      </behavior>
    </serviceBehaviors>
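This looks like a bug in WCF itself. That is, the Message request parameter should not be left in the "written" state (by the SSL functionality?). Thoughts?

If relevant, a custom binding is used for SSL: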
    <customBinding>
      <binding name="myCustomBinding">
        <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificateDuplex" enableUnsecuredResponse="true" requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="true" messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireSignatureConfirmation="false" allowSerializedSigningTokenOnReply="true">
          <localClientSettings detectReplays="true" />
          <localServiceSettings detectReplays="true" />
        </security>
        <textMessageEncoding messageVersion="Soap11" />
        <transactionFlow />
        <httpsTransport />
      </binding>
    </customBinding>
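
Added example, not part of the original question and not code from WCF: a dispatch inspector that records the message state the exception refers to before it attempts to buffer, and replaces the consumed request after buffering. The class name StateCheckingInspector and the trace messages are assumptions; it does not claim to explain why the state differs when security is enabled.

```csharp
using System.Diagnostics;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Dispatcher;

// Hypothetical class name; only the WCF types and members used below are real.
public sealed class StateCheckingInspector : IDispatchMessageInspector
{
    // Same buffer limit as in the question.
    private const int MaxBufferSize = 1024 * 128;

    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        // CreateBufferedCopy throws InvalidOperationException unless the
        // message is still in the Created state, so check and log it first.
        if (request.State != MessageState.Created)
        {
            Trace.TraceWarning("Request not buffered: message state is {0}", request.State);
            return null;
        }

        MessageBuffer buffer = request.CreateBufferedCopy(MaxBufferSize);

        // Buffering consumes the original message, so give the rest of the
        // dispatch pipeline a fresh message created from the buffer.
        request = buffer.CreateMessage();

        // Inspect a second, independent copy so the dispatched one stays unread.
        using (Message inspected = buffer.CreateMessage())
        {
            Trace.TraceInformation("Inspected request, action {0}", inspected.Headers.Action);
        }

        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        // No reply processing in this example.
    }
}
```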