Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/333.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 保护WCF NetHttpBinding的最有效方法_C#_Wcf_Iis_Websocket - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 保护WCF NetHttpBinding的最有效方法

C# 保护WCF NetHttpBinding的最有效方法

c# wcf iis websocket

C# 保护WCF NetHttpBinding的最有效方法,c#,wcf,iis,websocket,C#,Wcf,Iis,Websocket,我将实现一个在NetHttpBinding下工作的web服务,以支持双工连接。但问题是我不知道如何保护它。我试图使用CostumUserNamePasswordValidationMode,这是我的web.config: <behaviors> <serviceBehaviors> <behavior name="Behavior1"> <serviceMetadata httpGetEnabled="tr

我将实现一个在
NetHttpBinding
下工作的web服务,以支持双工连接。但问题是我不知道如何保护它。我试图使用
CostumUserNamePasswordValidationMode
,这是我的
web.config

<behaviors>
      <serviceBehaviors>
        <behavior name="Behavior1">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceCredentials>
            <serviceCertificate findValue="MyWebSite"
                  storeLocation="LocalMachine"
                  storeName="My"
                  x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom"
             customUserNamePasswordValidatorType="WcfWSChat.UserNamePassValidator, WcfWSChat" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <netHttpBinding>
        <binding name="Binding1">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </netHttpBinding>
    </bindings>
    <protocolMapping>
      <add scheme="http" binding="netHttpBinding"/>
    </protocolMapping>
    <services>
      <service name="WcfWSChat.WSChatService" 
               behaviorConfiguration="Behavior1" >
        <endpoint address="" 
                  binding="netHttpBinding"
                  bindingConfiguration="Binding1"
                  contract="WcfWSChat.IWSChatService" />
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
      </service>
    </services>
我认为问题在于
,无论何时运行项目,无论是在IIS Express还是IIS 8.0上,我都会遇到以下错误:

找不到与绑定为NetHttpBinding的终结点的方案https匹配的基址。注册的基址方案为[http]

如果我将
模式
属性更改为
,我将不再看到错误,但验证不起作用

我怎样才能解决这个问题

似乎与您注册为服务凭据的证书有关

我将尝试从
服务行为
中删除
服务证书

如果您想通过该证书强制SSL,那么我将在绑定部分将您的安全模式更新为
TransportWithMessageCredential
,并将您的协议映射方案更改为
https

,我想您已经接近解决方案了。我试图复制你的问题,这就是我的想法

  • 在ServiceMetadata中添加httpsGetEnabled并将其设置为true。元数据交换将在HTTPS中进行:

  • 将mexHttpBinding更改为mexHttpBinding:

  • 在绑定中添加以下内容:
    •
  • 由于netHttpBinding默认使用http,我们需要一些映射
  • 出于某些原因,即使我更改了protocolMapping以将HTTPS用于netHttpBinding,我仍然会收到一个错误,该错误表示“无法找到与绑定netHttpBinding的端点的方案HTTPS匹配的基址。注册的基址方案为[http]。” 所以我所做的是,我在我的服务下添加了一个基本地址,如下所示:
    如果没有看到上面突出显示的任何错误消息,则可以跳过步骤5。我只是把它放在这里以防万一

    注意:我将我的证书安装在Personal下的证书存储中,将CA安装在trusted Root certificate中。此示例仅在同一台计算机下工作,因为我的证书名只是localhost。顺便说一下,我在这里使用了.NETFramework4.5

    以下是我的完整配置:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="WcfServiceLibrary1.Service1" behaviorConfiguration="ServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost/Services/"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="netHttpBinding"  bindingConfiguration="netHttpBinding" contract="WcfServiceLibrary1.IService1" name="WcfServiceLibrary1.IService1"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" listenUriMode="Explicit" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors >
        <behavior name="ServiceBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            **<!-- Retain your custom username password validator here -->**
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <netHttpBinding>
        <binding name="netHttpBinding">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </netHttpBinding>
    </bindings>
    <protocolMapping>
      <add scheme="https" binding="netHttpBinding"/>
    </protocolMapping>
  </system.serviceModel>
</configuration>

    
****
    我想使用自签名证书而不是SSLI不明白你的意思。。。您是否计划将证书用作凭据,但不使用它加密流量?您可能还需要考虑向证书添加正确的权限,以便您的应用程序能够访问证书的私钥。伙计们,我认为您应该使用
    netHttpsBinding
    ,而不是进行这些映射。只是一个想法。另外,您必须设置
    baseAddress
    来解决“找不到…”问题的原因是,应用程序没有向HTTP.sys注册地址(因为您进行了映射,但在https地址上实际上没有绑定任何内容)。使用正确的绑定应该可以解决这个问题。谢谢你提供的信息,我已经考虑过了,但我克制自己去改变他的绑定,因为这是他想要的方式。尽管如此,netHttpBinding对这个问题仍然有效:)这个问题有什么进展吗? 
    <protocolMapping>
    <add scheme="https" binding="netHttpBinding"/>
</protocolMapping>

    <host>
    <baseAddresses>
       <add baseAddress="https://localhost/Services/"/>
    </baseAddresses>
</host>

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="WcfServiceLibrary1.Service1" behaviorConfiguration="ServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost/Services/"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="netHttpBinding"  bindingConfiguration="netHttpBinding" contract="WcfServiceLibrary1.IService1" name="WcfServiceLibrary1.IService1"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" listenUriMode="Explicit" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors >
        <behavior name="ServiceBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            **<!-- Retain your custom username password validator here -->**
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <netHttpBinding>
        <binding name="netHttpBinding">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </netHttpBinding>
    </bindings>
    <protocolMapping>
      <add scheme="https" binding="netHttpBinding"/>
    </protocolMapping>
  </system.serviceModel>
</configuration>