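Metro web service using SSL - is this a secure conversation?

Time: 2011-09-22 00:06:44

Tags: java wcf web-services ssl wsit

I have the following conversation log (from a WCF trace file). It shows a WCF client calling a Metro web service secured with SSL. Has security been applied to the conversation? How can I tell this from the log?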

Message source: ServiceLevelSendRequest

Message type: System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4045159+02:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Dispatcher.OperationFormatter+OperationFormatterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"></VsDebuggerCausalityData>
        </s:Header>
        <s:Body>
            <hello xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://webService/">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message source: TransportSend

Message type: System.ServiceModel.Security.SecurityAppliedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4105163+02:00" Source="TransportSend" Type="System.ServiceModel.Security.SecurityAppliedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://webService/hello/helloRequest</a:Action>
            <a:MessageID>urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</a:MessageID>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo/CE9TN8gjlFg7wGpuXg+HYAAAAAjfdEWwkubUe9Mb/DW0Kwl7kxQkfs6KtNkycVwDcjc44ACQAA</VsDebuggerCausalityData>
            <a:To s:mustUnderstand="1">https://localhost:8181/megegytest/hello</a:To>
            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <u:Timestamp u:Id="_0">
                    <u:Created>2011-09-21T23:33:06.409Z</u:Created>
                    <u:Expires>2011-09-21T23:38:06.409Z</u:Expires>
                </u:Timestamp>
            </o:Security>
        </s:Header>
        <s:Body>
            <hello xmlns="http://webService/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                <name xmlns="">Dani</name>
            </hello>
        </s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

Message source: TransportReceive

Message type: System.ServiceModel.Channels.BufferedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4165166+02:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

Message source: ServiceLevelReceiveReply

Message type: System.ServiceModel.Security.SecurityVerifiedMessage

<MessageLogTraceRecord Time="2011-09-22T01:33:06.4245171+02:00" Source="ServiceLevelReceiveReply" Type="System.ServiceModel.Security.SecurityVerifiedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <HttpResponse>
        <StatusCode>OK</StatusCode>
        <StatusDescription>OK</StatusDescription>
        <WebHeaders>
            <Transfer-Encoding>chunked</Transfer-Encoding>
            <Content-Type>text/xml;charset=utf-8</Content-Type>
            <Date>Wed, 21 Sep 2011 23:33:06 GMT</Date>
            <Server>GlassFish Server Open Source Edition 3.1.1</Server>
            <X-Powered-By>Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Oracle Corporation/1.7)</X-Powered-By>
        </WebHeaders>
    </HttpResponse>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <S:Header>
            <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
            <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" S:mustUnderstand="1">http://webService/hello/helloResponse</Action>
            <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:0303f4ea-1171-4ad6-b220-4b341d78b299</MessageID>
            <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:cd9642a0-ac70-4208-84e3-8a901cf5713a</RelatesTo>
            <wsse:Security S:mustUnderstand="1">
                <wsu:Timestamp xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2011-09-21T23:33:06Z</wsu:Created>
                    <wsu:Expires>2011-09-21T23:38:06Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </S:Header>
        <S:Body>
            <ns2:helloResponse xmlns:ns2="http://webService/">
                <return xmlns="">Hello Dani !</return>
            </ns2:helloResponse>
        </S:Body>
    </S:Envelope>
</MessageLogTraceRecord>

WSDL

<definitions targetNamespace="http://webService/" name="hello">
    <wsp:Policy wsu:Id="helloPortBindingPolicy">
        <sp:TransportBinding>
            <wsp:Policy>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic128/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Lax/>
                    </wsp:Policy>
                </sp:Layout>
                <sp:TransportToken>
                    <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false"/>
                    </wsp:Policy>
                </sp:TransportToken>
            </wsp:Policy>
        </sp:TransportBinding>
        <sp:Wss10/>
        <wsam:Addressing/>
    </wsp:Policy>
    <types>
        <xsd:schema>
            <xsd:import namespace="http://webService/" schemaLocation="https://localhost:8181/megegytest/hello?xsd=1"/>
        </xsd:schema>
    </types>
    <message name="hello">
        <part name="parameters" element="tns:hello"/>
    </message>
    <message name="helloResponse">
        <part name="parameters" element="tns:helloResponse"/>
    </message>
    <portType name="hello">
        <operation name="hello">
            <input wsam:Action="http://webService/hello/helloRequest" message="tns:hello"/>
            <output wsam:Action="http://webService/hello/helloResponse" message="tns:helloResponse"/>
        </operation>
    </portType>
    <binding name="helloPortBinding" type="tns:hello">
        <wsp:PolicyReference URI="#helloPortBindingPolicy"/>
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
        <operation name="hello">
            <soap:operation soapAction=""/>
            <input>
                <soap:body use="literal"/>
            </input>
            <output>
                <soap:body use="literal"/>
            </output>
        </operation>
    </binding>
    <service name="hello">
        <port name="helloPort" binding="tns:helloPortBinding">
            <soap:address location="https://localhost:8181/megegytest/hello"/>
        </port>
    </service>
</definitions>

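1 answer:

Answer 0: (score: 0)

It uses HTTPS, so it is secure. The WSDL also requires secure transport by declaring a security policy with the TransportBinding element and HttpsToken. The log does not show any encryption because encryption is done at the transport level, outside the scope of WCF. If you want to see whether the messages are encrypted, you have to sniff the traffic at the network level, for example with WireShark. You can also use Fiddler as an HTTPS proxy to see that the client performs an HTTP CONNECT to tunnel SSL through the proxy.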
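
An added example, not part of the original question or answer: a Python check run over a trimmed copy of the TransportSend envelope from the trace. It shows that the only WS-Security content is a timestamp and the body is plaintext, so confidentiality rests entirely on the HTTPS transport. The helper names `classify` and `verdict` are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Trimmed copy of the TransportSend envelope from the question's trace.
TRANSPORT_SEND = """
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:To s:mustUnderstand="1">https://localhost:8181/megegytest/hello</a:To>
    <o:Security s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2011-09-21T23:33:06.409Z</u:Created>
        <u:Expires>2011-09-21T23:38:06.409Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body><hello xmlns="http://webService/"><name xmlns="">Dani</name></hello></s:Body>
</s:Envelope>
"""

def classify(envelope_xml):
    """Report which protections are visible in one logged SOAP envelope."""
    root = ET.fromstring(envelope_xml.strip())
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    to = root.findtext(f"{{{SOAP}}}Header/{{{WSA}}}To", default="")
    return {
        "security_children": [] if sec is None else [c.tag.split("}")[-1] for c in sec],
        "signed": sec is not None and sec.find(f"{{{DSIG}}}Signature") is not None,
        "body_encrypted": body is not None and body.find(f"{{{XENC}}}EncryptedData") is not None,
        "to_is_https": to.strip().lower().startswith("https://"),
    }

def verdict(c):
    """Summarise classify() output; TLS itself never appears in a message trace."""
    if c["signed"] or c["body_encrypted"]:
        return "message-level security visible in the trace"
    if c["to_is_https"]:
        return "transport-only: plaintext in the trace, protection depends on TLS"
    return "no protection visible"

print(verdict(classify(TRANSPORT_SEND)))
```

The `https://` address in the `To` header only states where the client sent the message; whether TLS was actually negotiated has to be confirmed on the wire, as the answer says.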