如何：在 WCF Exchange Server 邮件传输中使用消息安全性

.NET Framework 开发人员指南

更新：2007 年 11 月

此示例演示如何在 Windows Communication Foundation (WCF) Exchange Server 邮件传输中使用 SOAP 消息安全性。

示例

---

下面的示例在桌面上运行，并演示如何使用消息安全性来发送和接收消息。

此示例假定证书存储区中存在来自受信任源的证书，并且代码中对该证书的引用已得到适当更新。

创建消息时，必须以额外参数的形式传入一个自定义序列化程序，以便在 CreateMessage 调用中序列化该消息。在台式机上，可以使用自定义序列化程序或属性来创建序列化数据。但是，我们建议对设备和台式机使用同一个序列化程序。

自定义序列化程序并不特定于 WCF Exchange Server 邮件传输，因而不包含在此示例中。有关自定义序列化程序的示例，请参见如何：序列化 WCF 应用程序中的消息。

Visual Basic

Class Program
    Private Shared ChannelName As String = "Channel1"
    Private Shared ServiceEmailAddress As String = "service@fabrikam.com"

    Private Shared serializer As New CFMessagingSerializer(GetType(String))


    Shared Sub Main(ByVal args() As String) 
        Dim factory As IChannelFactory(Of IOutputChannel)
        Dim output As IOutputChannel
        Dim bpc As BindingParameterCollection
        Dim message As Message
        Dim binding As ExchangeWebServiceMailBinding
        Dim clientEmailServer As New Uri("http://mail.example.com")
        Dim clientEmailAddress As String = "client@example.com"
        Dim password As String = "password"

        binding = New ExchangeWebServiceMailBinding(clientEmailServer, New NetworkCredential(clientEmailAddress, password))
        binding.Security.Mode = MailSecurityMode.Message
        bpc = New BindingParameterCollection()

        Dim cc As New ClientCredentials()

        cc.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "example.com")
        cc.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust
        cc.ServiceCertificate.SetDefaultCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "fabrikam.com")

        Dim cpr As New ChannelProtectionRequirements()
        ' Sign and encrypt body for *all* messages
        cpr.OutgoingSignatureParts.AddParts(New MessagePartSpecification(True), "*")
        cpr.IncomingSignatureParts.AddParts(New MessagePartSpecification(True), "*")
        cpr.OutgoingEncryptionParts.AddParts(New MessagePartSpecification(True), "*")
        cpr.IncomingEncryptionParts.AddParts(New MessagePartSpecification(True), "*")

        bpc.Add(cc)
        bpc.Add(cpr)

        factory = binding.BuildChannelFactory(Of IOutputChannel)(bpc)

        factory.Open()

        Dim sendAddress As New EndpointAddress(MailUriHelper.CreateUri(ChannelName, ServiceEmailAddress), EndpointIdentity.CreateX509CertificateIdentity(cc.ServiceCertificate.DefaultCertificate))
        output = factory.CreateChannel(sendAddress)

        message = System.ServiceModel.Channels.Message.CreateMessage(MessageVersion.Default, "urn:Test", "Hello, World!", serializer)
        output.Open()
        output.Send(message)

        output.Close()
        factory.Close()

        binding.Close()


        ' Receiving message on the server side
        '
        Dim listener As IChannelListener(Of IInputChannel)
        Dim input As IInputChannel
        Dim serviceEmailServer As New Uri("http://mail.fabrikam.com")

        binding = New ExchangeWebServiceMailBinding(serviceEmailServer, New NetworkCredential(ServiceEmailAddress, password), MailSecurityMode.Message)

        ' Create credential for the listening side
        Dim sc As New ServiceCredentials()
        sc.ServiceCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "fabrikam.com")
        sc.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None

        bpc = New BindingParameterCollection()
        bpc.Add(sc)
        bpc.Add(cpr)

        listener = binding.BuildChannelListener(Of IInputChannel)(MailUriHelper.CreateUri(ChannelName, ""))
        listener.Open()

        input = listener.AcceptChannel()
        input.Open()

        message = input.Receive()
        Dim data As String = message.GetBody(Of String)(serializer)

        input.Close()
        listener.Close()

        binding.Close()

    End Sub
End Class

C#

class Program
{
    private static string ChannelName = "Channel1";
    private static string ServiceEmailAddress = "service@fabrikam.com";

    private static CFMessagingSerializer serializer = new CFMessagingSerializer(typeof(string));

    static void Main(string[] args)
    {
        IChannelFactory<IOutputChannel> factory;
        IOutputChannel output;
        BindingParameterCollection bpc;
        Message message;
        ExchangeWebServiceMailBinding binding;
        Uri clientEmailServer = new Uri("http://mail.example.com");
        string clientEmailAddress = "client@example.com";
        string password = "password";

        binding = new ExchangeWebServiceMailBinding(clientEmailServer,
                                                   new NetworkCredential(clientEmailAddress, password));
        binding.Security.Mode = MailSecurityMode.Message;
        bpc = new BindingParameterCollection();

        ClientCredentials cc = new ClientCredentials();

        cc.ClientCertificate.SetCertificate(
              System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
        System.Security.Cryptography.X509Certificates.StoreName.My,
        System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
              "example.com");
        cc.ServiceCertificate.Authentication.CertificateValidationMode =
            System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust;
        cc.ServiceCertificate.SetDefaultCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
        System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
              "fabrikam.com");

        ChannelProtectionRequirements cpr = new ChannelProtectionRequirements();
        // Sign and encrypt body for *all* messages
        cpr.OutgoingSignatureParts.AddParts(new MessagePartSpecification(true), "*");
        cpr.IncomingSignatureParts.AddParts(new MessagePartSpecification(true), "*");
        cpr.OutgoingEncryptionParts.AddParts(new MessagePartSpecification(true), "*");
        cpr.IncomingEncryptionParts.AddParts(new MessagePartSpecification(true), "*");

        bpc.Add(cc);
        bpc.Add(cpr);

        factory = binding.BuildChannelFactory<IOutputChannel>(bpc);

        factory.Open();

        EndpointAddress sendAddress = new EndpointAddress(MailUriHelper.CreateUri(ChannelName,
            ServiceEmailAddress), EndpointIdentity.CreateX509CertificateIdentity(cc.ServiceCertificate.DefaultCertificate));
        output = factory.CreateChannel(sendAddress);

        message = Message.CreateMessage(MessageVersion.Default, "urn:Test", "Hello, World!", serializer);
        output.Open();
        output.Send(message);

        output.Close();
        factory.Close();

        binding.Close();


        // Receiving message on the server side
        //

        IChannelListener<IInputChannel> listener;
        IInputChannel input;
        Uri serviceEmailServer = new Uri("http://mail.fabrikam.com");

        binding = new ExchangeWebServiceMailBinding(serviceEmailServer,
                                                   new NetworkCredential(ServiceEmailAddress, password),
                                                   MailSecurityMode.Message);

        // Create credential for the listening side
        ServiceCredentials sc = new ServiceCredentials();
        sc.ServiceCertificate.SetCertificate(
            System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
            System.Security.Cryptography.X509Certificates.StoreName.My,
            System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
            "fabrikam.com");
        sc.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

        bpc = new BindingParameterCollection();
        bpc.Add(sc);
        bpc.Add(cpr);

        listener = binding.BuildChannelListener<IInputChannel>(MailUriHelper.CreateUri(ChannelName, ""), bpc);
        listener.Open();

        input = listener.AcceptChannel();
        input.Open();

        message = input.Receive();
        string data = message.GetBody<string>(serializer);

        input.Close();
        listener.Close();

        binding.Close();

    }
}

编译代码

---

本示例需要引用以下命名空间：

• System

• System.Collections.Generic

• System.Net

• System.ServiceModel

• System.ServiceModel.Security

• System.ServiceModel.Security.Tokens

• System.ServiceModel.Description

• System.ServiceModel.Channels

• Microsoft.ServiceModel.Channels.Mail

• Microsoft.ServiceModel.Channels.Mail.WindowsMobile

安全性

---

有关安全选项的更多信息，请参见 WCF Exchange Server 邮件传输。

请参见

---

任务

演练：使用 WCF Exchange Server 邮件传输

其他资源

Windows Communication Foundation (WCF) 开发与 .NET Compact Framework