iPhone web service calls to a WCF service with certificate authentication

Problem description

We are a .Net shop that has standardized on WCF Services. We are in the process of developing an iPhone application that needs to make secure web services calls to obtain data for the app. To ensure secure communications we have enabled SSL on our web servers. But this does not ensure the service can only be consumed by authorized apps. We have configured our services to support x509 certificate authentication. Is it even possible to call a secure WCF service with certificate authentication from an iPhone app?

I have spent many hours searching the internet for examples but to no avail. I HAVE been able to successfully call an un-secure WCF service with no issues. I have also done a lot of research on the WS-Security and WS-Trust communications standards. I believe I understand how this should work. I am just having trouble piecing together the steps/objects within the iPhone frameworks I need to make this work.

Any thoughts and ideas on the subject would be greatly appreciated.

Also, any thoughts on any of the following:

- How best to deploy the P12 certificate file with the iPhone application
- How best to secure the password for the P12 file within the app
- Is deploying the P12 file with the app a best practice
- Are there facilities within the iPhone frameworks to support this kind of secure communication?
  If not, what would be an alternative recommendation.

Recommended answer

For starters, I'd say if you are really serious about security please dedicate the proper time and resources to it and treat it like a first class citizen in your feature list. Don't just "turn on SSL" and pretend things are secure. I'm not suggesting you are doing this or not doing this, but I just feel like I have to say it before proceeding.

That said, you probably already know that WS-* is all built on top of http requests, and any time you are doing loads of http requests, you'll probably find ASIHTTPRequest very helpful on the iPhone. However, that will not get you 100% of the way there.

From the iPhone's perspective you have:

- The URL loading system, which is a high level API for dealing with network resources of any kind
- The CFNetwork C API (developer.apple.com/iphone/library/documentation/Networking/Conceptual/CFNetwork/Introduction/Introduction.html#//apple_ref/doc/uid/TP30001132), which is lower-level and allows you a great deal more control of encrypting streams and network traffic any way you see fit
- The Certificate, Key, and Trust Services that do the heavy lifting, and more specifically the X509 trust policies

On Macs you get to use Secure Transport, but as far as I know they haven't ported that to the device so I wouldn't get too distracted reading up on that unless you are planning on bringing this to the desktop or are just in the mood to learn everything :)

If you are doing any security with WCF, the first thing you probably realized is that there are many options available to you, but it all boils down to this
short list:

- Transport layer security (https) with clear-text messages (xml / json / ...)
- Message layer security over an open transport (http)
- Secure messages over a secure transport

The last time I was doing WCF (about a year ago) the general recommendation from Microsoft seemed to be Message layer security over an open transport because of firewall / accessibility issues introduced when trying to secure the transport. However, this approach assumed that all parties involved were .NET / WCF capable. I believe it would be easier to consume on the device if it were an HTTPS transport level security, with clear XML or JSON message bodies. That way you can take advantage of all the stuff baked into CFNetwork and NSHTTPRequest that Apple has done.

Once you get something working, you'll want to refer to the Enterprise Deployment Guide, and specifically the documentation on Over-the-Air Enrollment so that you can install the certificates on the devices. Remember, anything is possible, and don't be afraid to use one of those Apple support tickets that come with the program :)

Edit: I completely forgot to mention the GenericKeychain and CryptoExercise samples.

Edit 2: After I got downvoted for no apparent reason I re-read my response and realized I rambled a bit too much without actually answering your question about how to open a p12 file on the device. You ought to be able to simply [[UIApplication sharedApplication] openURL:urlToP12FileEitherLocalOrRemote] and have it kick out to the OS for the installation procedure.
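An added example, not from the original post or its author: one way the HTTPS transport-level approach suggested in the answer can present an x509 client certificate, importing the P12 with Certificate, Key, and Trust Services and answering the TLS client-certificate challenge in the URL loading system. The class name `ClientCertSessionDelegate`, its two properties, and the use of `NSURLSession` are assumptions; the passphrase is expected to be supplied at runtime (for example from the keychain) rather than embedded in the binary.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate; the class and property names are assumptions, not from the post.
@interface ClientCertSessionDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, strong) NSData *p12Data;        // PKCS#12 blob supplied by the caller
@property (nonatomic, copy) NSString *p12Passphrase;  // supplied at runtime, never hard-coded
@end

@implementation ClientCertSessionDelegate

// Import the PKCS#12 data and wrap the resulting identity (certificate plus
// private key) in a credential. Returns nil if the import fails.
- (NSURLCredential *)clientCredential {
    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : self.p12Passphrase };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)self.p12Data,
                                      (__bridge CFDictionaryRef)options, &items);
    if (status != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        if (items) CFRelease(items);
        return nil;
    }
    NSDictionary *first = (__bridge NSDictionary *)CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity = (__bridge SecIdentityRef)first[(__bridge id)kSecImportItemIdentity];
    NSURLCredential *credential =
        [NSURLCredential credentialWithIdentity:identity
                                   certificates:nil
                                    persistence:NSURLCredentialPersistenceForSession];
    CFRelease(items);  // the credential holds its own reference to the identity
    return credential;
}

// Answer only the client-certificate challenge; cancel if no identity is available.
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    NSString *method = challenge.protectionSpace.authenticationMethod;
    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        NSURLCredential *credential = [self clientCredential];
        completionHandler(credential ? NSURLSessionAuthChallengeUseCredential
                                     : NSURLSessionAuthChallengeCancelAuthenticationChallenge, credential);
        return;
    }
    // Server trust and all other challenges keep the system's default validation.
    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}
@end
```

Leaving server-trust challenges on default handling keeps normal certificate validation of the WCF endpoint in place; the delegate adds client authentication without weakening it.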