Question

我正在使用WCF通过MSMQ（net.msmq协议）发送消息。一切顺利，BizTalk服务器接收消息并处理它。但是，当我查看SVCLOG时，当我专门将MsmqProtectionLevel设置为Sign时，我看到消息已加密。

还有其他人看过这种行为吗？是否可以停止加密？我的一些消息超过1MB，加密使得事情变得非常缓慢。

提前致谢！

  ChannelFactory<OnRampEntry> Factory
  {
     get
     {
        if (factory == null)
        {
           lock (this)
           {
              if (factory == null)
              {
                 var uri = ResolveQueueName(new Uri(Url));
                 var identity = EndpointIdentity.CreateDnsIdentity(BizTalkIdentity);
                 var binding = new NetMsmqBinding(NetMsmqSecurityMode.Both)
                 {
                    DeadLetterQueue = DeadLetterQueue.System,
                    ExactlyOnce = true
                 };
                 binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
                 binding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
                 binding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.WindowsDomain;
                 binding.Security.Transport.MsmqSecureHashAlgorithm = MsmqSecureHashAlgorithm.Sha1;
                 factory = new ChannelFactory<OnRampEntry>(binding, new EndpointAddress(uri, identity, (AddressHeaderCollection) null));
                 factory.Endpoint.Behaviors.Add(new LogonCertificateBehavior());
                 factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, BizTalkIdentity);
                 factory.Open();
              }
           }
        }
        return factory;
     }
  }

  /// <summary>
  ///   MSMQ does not allow a DNS alias to be used in a queue name, e.g. "net.msmq://alias/private$/queue".
  ///   <b>ResolveQueueName</b> will tranlsate an alias to its actual machine name.
  /// </summary>
  /// <param name="uri"></param>
  /// <returns></returns>
  Uri ResolveQueueName(Uri uri)
  {
     var hostName = uri.DnsSafeHost;

     try
     {
        var hostEntry = Dns.GetHostEntry(hostName);
        var resolved = new Uri(uri.ToString().Replace(hostName, hostEntry.HostName));

        if (log.IsDebugEnabled)
           log.Debug(string.Format("Resolved '{0}' to '{1}'.", uri, resolved));
        return resolved;
     }
     catch (SocketException e)
     {
        if (e.SocketErrorCode == SocketError.HostNotFound)
           return uri;
        throw e;
     }
  }

Answer 1

邮件加密的原因是使用NetMsmqSecurityMode.Both - 传输和邮件安全。

var binding = new NetMsmqBinding(NetMsmqSecurityMode.Both)

在传输级别，上面的配置使用

binding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

查看WCF日志，将无法查看传输级别设置的内容，因为已建立消息级别加密。

不幸的是，这并没有回答如何在不使用证书加密邮件正文的情况下签署邮件（使用X.509证书）的问题。

指定签名时加密WCF消息（net.msmq）

1 个答案: