Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
ARCARC--310310
Web Services Web Services 的安全措施的安全措施---- 从从WSE3.0WSE3.0到到 WCFWCF
课程内容概述课程内容概述
理解理解message level message level 的安全性。的安全性。
WSE3.0 WSE3.0 的应用范围,不同情形下对安全措施的的应用范围,不同情形下对安全措施的选择。选择。
理解与使用理解与使用 ““turnkey security scenariosturnkey security scenarios””所有所有turnkey security scenariosturnkey security scenarios的演示与程序的演示与程序
WCFWCF介绍。介绍。
从从WSE3.0WSE3.0到到WCFWCF的过渡。的过渡。
WSEWSE
PolymorphismPolymorphismEncapsulationEncapsulationSubclassingSubclassing
MessageMessage--basedbasedSchema+ContractSchema+ContractBinding via PolicyBinding via Policy
1980s1980s
2000s2000s
InterfaceInterface--basedbasedDynamic LoadingDynamic LoadingRuntime MetadataRuntime Metadata
1990s1990s
ObjectObject--OrientedOriented
ServiceService--OrientedOriented
ComponentComponent--BasedBased
趋势:从趋势:从objectobject--orientedoriented到到serviceservice--orientedoriented
WSE (Web Service Enhancements)WSE (Web Service Enhancements)
WSEWSE市市W3CW3C标准标准WSE1.0, 2.0, 3.0WSE1.0, 2.0, 3.0是微软的是微软的implementation, implementation, WSEWSE作为作为.NET Framework.NET Framework的外加的外加
Secure Web services across multiple intermediaries and trust Secure Web services across multiple intermediaries and trust domainsdomainsHelps developers build Service Oriented solutions today and Helps developers build Service Oriented solutions today and provides a stepping stone to Indigoprovides a stepping stone to Indigo已在企业中使用已在企业中使用
FeaturesFeaturesTurnkey and customizable Web services securityTurnkey and customizable Web services securityExtends ASP.NET Web services Extends ASP.NET Web services –– hosting outside of IIS, hosting outside of IIS, 与与tranporttranport无关无关
V3.0 enhancementsV3.0 enhancementsImproved support for asynchronous messagingImproved support for asynchronous messagingSOAP v1.2 and 64SOAP v1.2 and 64--bit support bit support Secure messaging of documents and binary data (MTOM)Secure messaging of documents and binary data (MTOM)
WSWS--** 架构架构
基础
应用及设施
传输
Connected Connected ApplicationsApplications ManagementManagement BusinessBusiness
ProcessProcess……
SecuritySecuritySecuritySecurity
TrustTrustSecure Secure
ConversationConversation
Messaging Messaging (SOAP, Addressing, MTOM, Eventing)(SOAP, Addressing, MTOM, Eventing)
XML XML (XML, XSD, XPath)(XML, XSD, XPath)
Met
adat
aM
etad
ata
(WSD
L, P
olic
y,
(WSD
L, P
olic
y,
Dis
cove
ry, M
EX)
Dis
cove
ry, M
EX)
HTTPHTTP TCPTCP SMTPSMTP MQMQ
ReliabilityReliabilityReliable Reliable
MessagingMessaging
TransactionsTransactionsAtomic Atomic
TransactionTransactionCoordinationCoordination
Business Business ActivityActivity
WSWS--* * 标准的建立过程标准的建立过程
Specification Specification 发布发布
反馈反馈 修正修正 标准组织标准组织 WSWS--II
工业界的参与工业界的参与
过程协调目的:• 质量• 推向市场的周期• 广泛的工业界支持
输入输入Soap MessageSoap Message
应用应用(client / service)(client / service)
输出输出Soap MessageSoap Message
Applies rules & transforms message to meetWS-* Specifications
Verifies and transforms message into .NET object model
WSEWSE的功能的功能??
WSE 层
WSWS--SecuritySecurity
通讯的安全性通讯的安全性ProtocolProtocol--level level 的安全性的安全性
例子:例子:SSLSSLSender must trust intermediaries.Sender must trust intermediaries.
Include Soap Routers, Dispatchers, etcInclude Soap Routers, Dispatchers, etc……
Message decrypted at intermediariesMessage decrypted at intermediaries对整个对整个 messagemessage加密加密
能用的能用的protocols protocols 受限制受限制
加密加密 加密加密
通讯的安全性通讯的安全性MessageMessage--levellevel的安全性的安全性
与通讯介质无关与通讯介质无关 (HTTP, SMTP, MSMQ, WMQ (HTTP, SMTP, MSMQ, WMQ ……))可只对可只对 messagemessage的各部分加密的各部分加密
For the intermediary and/or ultimate receiver independentlyFor the intermediary and/or ultimate receiver independently送信者送信者(sender) (sender) 只需信任 终收信者只需信任 终收信者((ultimate receiverultimate receiver))数字签名存在数字签名存在messagemessage的的headerheader中中
The message content on the wire includes integrityThe message content on the wire includes integrity
WSE WSE 3.03.0所提供的所提供的Web ServicesWeb Services安全性安全性
PolicyPolicy一组法则(一组法则(Groups of rulesGroups of rules)) 用来施加到用来施加到messagesmessages上上
Define rules applied to outgoing messagesDefine rules applied to outgoing messagesDefine demands for incoming messagesDefine demands for incoming messages
用程序来定义用程序来定义policypolicyAccessible declarativelyAccessible declaratively
Security Turnkey ScenariosSecurity Turnkey Scenarios55种种policy policy encapsulated into classesencapsulated into classesweb servicesweb services中 常用的情形中 常用的情形
Provide round trip securityProvide round trip securityCustom PoliciesCustom Policies
Inherit from the Policy classInherit from the Policy class
Policy in WSE 3.0Policy in WSE 3.0
用用policy assertionspolicy assertions来描述对来描述对message (both message (both incoming and outgoing)incoming and outgoing)的要求的要求
安全成为安全成为deploymentdeployment时的决定时的决定
Simplifies security through the turnkey security Simplifies security through the turnkey security assertionsassertionsCreates a clear division between rolesCreates a clear division between roles
Policy PipelinePolicy Pipeline管道架构管道架构
输入管道的输入管道的policypolicy
输入输入Soap MessageSoap Message Security
Security
TracingTracing
Custom
Custom
SecuritySecurity
TracingTracing
Custom
Custom
应用系统应用系统
输出输出Soap MessageSoap Message
Policy assertions Policy assertions transform the messagetransform the message
…… 输出管道的输出管道的policypolicy
Turnkey Turnkey 安全安全 scenariosscenarios
业界常见的安全设计业界常见的安全设计
每一种情形用每一种情形用 Policy assertionPolicy assertion来表征来表征
UsernameOverCertificateUsernameOverCertificate
AnnonymousOverCertificateAnnonymousOverCertificate
UsernameOverTransportUsernameOverTransport
KerberosKerberos
MutualX509MutualX509
Security Turnkey ScenariosSecurity Turnkey Scenarios
SecuritySecurityAuthenticationAuthentication
Windows DomainWindows DomainWindows Windows login/passwordlogin/password
Kerberos (Windows)Kerberos (Windows)
ServerServer’’s X509 s X509 CertificateCertificate
ClientClient’’s X509 s X509 CertificateCertificate
MutualCertificateMutualCertificate
ServerServer’’s X509 s X509 CertificateCertificate
Any user with Any user with serverserver’’s public keys public key
AnonymousOverCertificaAnonymousOverCertificatete
SSLSSLUser User login/passwordlogin/password
UsernameOverTransportUsernameOverTransport
ServerServer’’s X509 s X509 CertificateCertificate
User User login/passwordlogin/password
UsernameoverCertificateUsernameoverCertificate
几种安全情形几种安全情形
常见的几种情形常见的几种情形Public Web servicePublic Web serviceIntranet Web serviceIntranet Web serviceInternet BusinessInternet Business--toto--businessbusinessMultiple Internet Web servicesMultiple Internet Web services
决策矩阵决策矩阵
Security is not black and whiteSecurity is not black and whiteDecision matrices aligned with your Decision matrices aligned with your requirements help support the selection of: requirements help support the selection of:
Authentication modelAuthentication modelClient authentication typeClient authentication typeMessage protectionMessage protectionMessage Message vsvs transporttransportResource access modelResource access model
Turnkey Security ScenarioTurnkey Security Scenario例子例子Username Credentials with Server Certificate for ProtectionUsername Credentials with Server Certificate for Protection
服务器服务器
InternetInternet IntranetIntranet
验证验证username/ username/ PasswordPassword
Confidential, signedConfidential, signedrequest using a client keyrequest using a client keyprotected with theprotected with theserver certificateserver certificate
Confidential, signedConfidential, signedresponse using response using the supplied client keythe supplied client key
Username/Password Username/Password for Authenticationfor Authentication
Direct AuthenticationDirect Authentication(直接登录)(直接登录)
ContextContextA client needs to access a Web service. The Web service requiresA client needs to access a Web service. The Web service requires the client the client to present credentials for authentication so that additional conto present credentials for authentication so that additional controls such as trols such as authorization and auditing can be implemented.authorization and auditing can be implemented.
问题问题Web service Web service 如何验证如何验证clientclient提交的提交的credentialcredential??
ForcesForcesThe credentials that the client presents to the Web service are The credentials that the client presents to the Web service are based on based on shared secrets, such as passwords. shared secrets, such as passwords. The Web service can validate credentials from the client againstThe Web service can validate credentials from the client against an identity an identity store. store. The Web service is relatively simple, and does not require suppoThe Web service is relatively simple, and does not require support for rt for capabilities such as singlecapabilities such as single--sign on (SSO) or support for nonsign on (SSO) or support for non--repudiation. repudiation. The client and the Web service trust one another to manage credeThe client and the Web service trust one another to manage credentials ntials securely. securely.
Brokered AuthenticationBrokered Authentication(间接认证)(间接认证)
ContextContextA client needs to access a Web service. The Web service requiresA client needs to access a Web service. The Web service requires the application to the application to present credentials for authentication so that additional contropresent credentials for authentication so that additional controls such as authorization ls such as authorization and auditing can be implemented.and auditing can be implemented.
ProblemProblemHow does the Web service verify the credentials that are presentHow does the Web service verify the credentials that are presented by the client?ed by the client?
ForcesForcesThe client accesses additional services, which results in the neThe client accesses additional services, which results in the need for a single sign on ed for a single sign on (SSO) solution. Without a single sign on solution, the client ma(SSO) solution. Without a single sign on solution, the client may be forced to y be forced to authenticate prior to every Web service call or cache the user'sauthenticate prior to every Web service call or cache the user's credentials within the credentials within the application. application. The client and the Web service do not trust each other directly.The client and the Web service do not trust each other directly. The client and the The client and the Web service may not trust one another to manage or exchange sharWeb service may not trust one another to manage or exchange shared secrets ed secrets securely. Establishing trust directly between a client and Web ssecurely. Establishing trust directly between a client and Web service often requires ervice often requires out of band interactions that can hinder clients and services frout of band interactions that can hinder clients and services from interacting om interacting dynamically.dynamically.The Web service and the identity store do not trust each other dThe Web service and the identity store do not trust each other directly. The Web irectly. The Web service may be unable to communicate with the identity store dirservice may be unable to communicate with the identity store directly, because of ectly, because of access control restrictions, network restrictions, or organizatiaccess control restrictions, network restrictions, or organizational policy.onal policy.
Turnkey scenarios, policy cache Turnkey scenarios, policy cache configconfig, client, service, strongly typed , client, service, strongly typed policypolicy
My prototype solution at the virtual serverMy prototype solution at the virtual server
MessageMessage的保护的保护 ––Integrity Integrity 与保密与保密
威胁威胁
Network eavesdropping leads to Network eavesdropping leads to 秘密信息被窃取秘密信息被窃取
MessageMessage在传递中被更改在传递中被更改
薄弱环节薄弱环节
Lack of end to end encryption when sending SOAP messagesLack of end to end encryption when sending SOAP messagesLack of a digital signature to verify authenticity of a SOAP mesLack of a digital signature to verify authenticity of a SOAP messagesage
措施措施
Message Protection Patterns: Message Protection Patterns: Data Origin AuthenticationData Origin AuthenticationData ConfidentialityData Confidentiality
Message integrity Message integrity 与加密与加密
C:C:\\WorkspaceWorkspace\\CSharpCSharp\\WSEWSE\\WSE3TestWSE3Test\\WSE3ServiceWSE3Service\\TraceTrace\\OutputTraceCert11.xmlOutputTraceCert11.xml
WSE 3.0 WSE 3.0 的价值的价值
建立建立web service web service 安全性安全性
VS2005 + WSE 3.0 VS2005 + WSE 3.0 = Simplified WS = Simplified WS 开发开发
1.1. MessageMessage--based systems based systems 理念理念
2.2. WireWire--level level 与与 WCFWCF兼容兼容
WCFWCF
须具备的知识须具备的知识
Windows Server 2003Windows Server 2003上的上的X.509X.509 证书证书 and Kerberos and Kerberos 技术技术
X.509 X.509 的知识包括的知识包括Obtaining x.509 certificates Obtaining x.509 certificates Certificate revocation Certificate revocation Use of X.509 certificates (IPSec, SSL, WS*)Use of X.509 certificates (IPSec, SSL, WS*)
KerberosKerberos的知识包括的知识包括Use of domain accounts and service principal Use of domain accounts and service principal namesnames(SPN(SPN))Troubleshooting guideTroubleshooting guide
Introduction to Web service security interoperability Introduction to Web service security interoperability WSE 3.0 and WSE 2.0WSE 3.0 and WSE 2.0WSE 3.0 and WCFWSE 3.0 and WCFWSE 3.0 and other platformsWSE 3.0 and other platforms
Unified Programming Model Unified Programming Model
WSE Messaging APIs remainWSE Messaging APIs remainSoapClientSoapClient, , SoapServiceSoapServiceExist for compatibilityExist for compatibilityOffers a different programming model that is similar to Offers a different programming model that is similar to what goes out on the wire (what goes out on the wire (SoapEnvelopeSoapEnvelope).).
Message Transmission Optimization Mechanism Message Transmission Optimization Mechanism (MTOM) (MTOM) Message Message 传输的优化机制传输的优化机制
MTOM MTOM 替代了替代了WSE 1.0WSE 1.0和和2.02.0中的中的 DIME & WSDIME & WS--Attachments support Attachments support 益处益处
Composes with WSComposes with WS--Security to protect the data as Security to protect the data as well as the SOAP messagewell as the SOAP messageSimplified programming modelSimplified programming modelWire level Wire level 减小了减小了messagemessage体积体积..
Message Message 传输的优化传输的优化
WSE WSE 2.0, 3.0, WCF 2.0, 3.0, WCF 兼容性兼容性
WSE 2.0 WSE 2.0 可用在可用在 .NET v2.0 .NET v2.0 但是但是……Runtime only support, no design time supportRuntime only support, no design time support32 bit only32 bit only
升级到升级到 WSE 3.0WSE 3.0时有时有Breaking changesBreaking changesSide by side compatibility for all major versionsSide by side compatibility for all major versionsInteroperability with WSE 2.0 to WSE 3.0 or Interoperability with WSE 2.0 to WSE 3.0 or Indigo is not supportedIndigo is not supported
WCF (Indigo)WCF (Indigo)
不同的技术用于不同的场合不同的技术用于不同的场合
企业需要企业需要mix and matchmix and matchReliable ServicesReliable ServicesReliable transport (HTTP, MSMQ, WMQ, SMTP, TCP)Reliable transport (HTTP, MSMQ, WMQ, SMTP, TCP)Distributed and Interoperable Distributed and Interoperable TransactionsTransactionsWhich has DTC? Which supports DT?Which has DTC? Which supports DT?
ServicesServicesInteroperableInteroperable
ASP.NET IntegrationASP.NET Integration
ObjectsObjectsExtensibleExtensible
CLR IntegrationCLR Integration
ComponentsComponentsTransactionsTransactions
COM+ IntegrationCOM+ Integration
QueuingQueuingReliable MsgReliable Msg
MSMQ IntegrationMSMQ Integration
今天的今天的WindowsWindows平台上的分布系统技术平台上的分布系统技术
WSWS--**ProtocolsProtocols
SOASOAInteropInterop
AttributeAttribute--BasedBased
ProgrammingProgramming
MessageMessage--OrientedOriented
ProgrammingProgrammingComposabilityComposabilityExtensibilityExtensibility
Standardized Standardized CommunicationCommunication
Simplified Simplified Programming ModelProgramming Model
微软的下一代分布系统技术,用于建立微软的下一代分布系统技术,用于建立serviceservice--oriented applicationsoriented applications
扩展扩展.NET Framework 2.0 .NET Framework 2.0
用于用于Visual Studio 2005Visual Studio 2005
Runs on Windows XP, Windows Server 2003 and Windows VistaRuns on Windows XP, Windows Server 2003 and Windows Vista
Windows Communication FoundationWindows Communication Foundation
从从WSE 3.0 WSE 3.0 到到WCFWCFWire level interoperable with Wire level interoperable with WCFWCF Beta 1Beta 1
WSE 3.0 investment is maintained WSE 3.0 investment is maintained Support for standard interoperable security scenariosSupport for standard interoperable security scenarios
WSE turnkey security assertions == Indigo security WSE turnkey security assertions == Indigo security binding elementsbinding elements
WSE 3.0 runs sideWSE 3.0 runs side--byby--side with side with WCFWCFUpgrade guidance will beUpgrade guidance will beprovided from WSE 3.0 provided from WSE 3.0 to Indigoto Indigo
应用系统应用系统
Service ModelService Model
MessagingMessaging
Hosting Hosting EnvironmentsEnvironments ASP.NETASP.NETASP.NET AvalonAvalonAvalon WinFormWinFormWinForm NT ServiceNT ServiceNT Service COM+COM+COM+
TCPChannel
TCPTCPChannelChannel
HTTPChannel
HTTPHTTPChannelChannel
QueueChannelQueueQueue
ChannelChannel
SecureChannelSecure
ChannelReliableChannelReliableReliableChannelChannel
Instance BehaviorInstance Instance BehaviorBehavior
Throttling Behavior
Throttling Throttling BehaviorBehavior
Type Integ. Behavior
Type Integ. Type Integ. BehaviorBehavior
TransactionBehavior
TransactionTransactionBehaviorBehavior
ConcurrencyBehavior
ConcurrencyConcurrencyBehaviorBehavior
ErrorBehavior
ErrorErrorBehaviorBehavior
MetadataBehaviorMetadataMetadataBehaviorBehavior
BinaryEncoderBinaryBinary
EncoderEncoder
Text/XMLEncoderText/XMLText/XMLEncoderEncoder
………
……
………
WCF WCF 架构架构
WASWASWAS
Windows Activation Service (WAS)Windows Activation Service (WAS)
HTTP.SYSHTTP.SYS TCP Transport TCP Transport ListenerListener
Named Pipes Named Pipes Transport ListenerTransport Listener
HTTP Listener HTTP Listener Adapter (IIS7)Adapter (IIS7)
NP Listener NP Listener AdapterAdapter
TCP Listener TCP Listener AdapterAdapter
Windows Activation ServiceWindows Activation Service (WAS)(WAS)
Single activation model shared by ASP.NET, IIS7, and WCFSingle activation model shared by ASP.NET, IIS7, and WCFSupports multiple protocolsSupports multiple protocols
WAS/IIS7 WAS/IIS7 架构架构
W3SVCW3SVC
Application PoolApplication Pool
Application Application
Application Application
Application
Application PoolApplication Pool
Application Application
Application Application
Application
Application PoolApplication Pool
Application Application
Application Application
Application
Application PoolApplication Pool
Application Application
Application Application
Application
Application PoolApplication Pool
Application Application
Application Application
Application
Application PoolApplication Pool
Application Application
Application Application
Application Windows Activation ServiceWindows Activation Service
Config MgrConfig Mgr
Process MgrProcess Mgr
HTTP.SYS
HTTP MgrHTTP Mgr
HTTP.SYS Indigo Net.TCPListener
Indigo Net.PipeListener
IIS 7.0 Architecture BenefitsIIS 7.0 Architecture BenefitsGeneralized Process Activation Generalized Process Activation Extensible multiExtensible multi--protocol supportprotocol supportConfigurable Health ManagementConfigurable Health ManagementSide by Side deploymentSide by Side deploymentUnified Management ModelUnified Management ModelFully ComponentizedFully Componentized
Web.config
Web.config
Web.config
Applicationhost.config
Activation and Hosting
WAS Avalon *.EXE NT Service COM+
MessagingHTTP
ChannelTCP
Channel
UDPChannelX-Proc
ChannelQueue
Channel
SOAP SecurityChannel
SOAP ReliabilityChannel
Text/XMLEncoderBinary
Encoder
Service Runtime
Contracts
ThrottlingBehavior
TransactionBehavior
ActivationBehavior
ConcurrencyBehavior
Cmd/ControlFacilities
ErrorBehavior
MetadataBehavior
InstanceBehavior
InspectionFacilities
DataContract
MessageContract
ServiceContract
Policy andBinding
WCF
InteroperabilityInteroperability
Network
App
OtherStack
Application App
BizTalkAdapter
App
WSE
Assurances
Messaging
SOAP
WS-Security
MTOMWS-Addressing
Metadata
WS-Policy
WSDL
UDDI
WS-MetadataExchange
XML Schema
WS-ReliableMessaging WS-Coordination
WS-AtomicTransaction
WS-BusinessActivity
WS-Trust
WS-SecureConversation
Infrastructureand Profiles
WS-ManagementWS-Federation DevicesProfile
Foundation
SOAP / HTTPMIME
XML Infoset
XML 1.0 XMLNamespaces
WS-* Protocols
从从WSE3.0WSE3.0到到WCFWCF的升级的升级
WSE 3.0, Interop & WCFWSE 3.0, Interop & WCF
采用采用WSE 3.0WSE 3.0ASMX & HTTPASMX & HTTPTurnkey Security Scenarios & PolicyTurnkey Security Scenarios & PolicyMTOM for large file transfer (WSE 3.0)MTOM for large file transfer (WSE 3.0)
避免避免Custom TransportsCustom Transports (ESB)(ESB)
Can be built, just not supported out of the boxCan be built, just not supported out of the box
DIME for large file transfer (WSE 2.0)DIME for large file transfer (WSE 2.0)
Maintain investment moving to WCFMaintain investment moving to WCF
WCF WCF 是新的是新的 .NET API.NET API加入了加入了serviceservice的的 Transactions and ReliabilityTransactions and Reliability
Wire level compatible with WSE 3.0Wire level compatible with WSE 3.0WCF clients can talk to WSE 3.0 servicesWCF clients can talk to WSE 3.0 servicesWSE 3.0 clients can talk to WCF servicesWSE 3.0 clients can talk to WCF servicesOnly WSE 3.0, not WSE 1.0 and 2.0 Only WSE 3.0, not WSE 1.0 and 2.0
API/Code is not compatibleAPI/Code is not compatibleWSE 3.0 code will not compile in WCFWSE 3.0 code will not compile in WCF
WSE 3.0 runs side by side with WCFWSE 3.0 runs side by side with WCFWSE 3.0 concepts will help you with WCFWSE 3.0 concepts will help you with WCF微软将提供从微软将提供从WSE3.0WSE3.0到到WCFWCF的升级指南的升级指南
ResourcesResources
Web Services & Other Distributed Web Services & Other Distributed Technologies Developer CenterTechnologies Developer Center(msdn.microsoft.com/webservices/building/wse)(msdn.microsoft.com/webservices/building/wse)
Video presentations by WSE TeamVideo presentations by WSE TeamHands on Labs for Messaging and SecurityHands on Labs for Messaging and SecurityArticles on WSE 3.0Articles on WSE 3.0
WSE 3.0 Security: Interoperability ConsiderationsWSE 3.0 Security: Interoperability Considerationshttp://msdn.microsoft.com/library/default.asp?url=/library/enhttp://msdn.microsoft.com/library/default.asp?url=/library/en--us/dnpag2/html/wss_appx_interopcons_wse30.aspus/dnpag2/html/wss_appx_interopcons_wse30.asp
Introduction to Building Windows Communication Foundation ServicIntroduction to Building Windows Communication Foundation Services, es, Clemens Vasters, Clemens Vasters, MSDN Online: http://msdn.microsoft.com/webservices/indigo/defaulMSDN Online: http://msdn.microsoft.com/webservices/indigo/default.aspx?t.aspx?pull=/library/enpull=/library/en--us/dnlong/html/introtowcf.aspus/dnlong/html/introtowcf.asp
总结总结
message level message level 的安全性。的安全性。
WSE3.0 WSE3.0 的应用范围,不同情形下对安全措施的的应用范围,不同情形下对安全措施的选择。选择。
使用使用 ““turnkey security scenariosturnkey security scenarios””所有所有turnkey security scenariosturnkey security scenarios的演示的演示
WCFWCF介绍。介绍。
从从WSE3.0WSE3.0到到WCFWCF的过渡。的过渡。