C# 保护WCF NetHttpBinding的最有效方法
我将实现一个在C# 保护WCF NetHttpBinding的最有效方法,c#,wcf,iis,websocket,C#,Wcf,Iis,Websocket,我将实现一个在NetHttpBinding下工作的web服务,以支持双工连接。但问题是我不知道如何保护它。我试图使用CostumUserNamePasswordValidationMode,这是我的web.config: <behaviors> <serviceBehaviors> <behavior name="Behavior1"> <serviceMetadata httpGetEnabled="tr
NetHttpBinding
下工作的web服务,以支持双工连接。但问题是我不知道如何保护它。我试图使用CostumUserNamePasswordValidationMode
,这是我的web.config
:
<behaviors>
<serviceBehaviors>
<behavior name="Behavior1">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="MyWebSite"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfWSChat.UserNamePassValidator, WcfWSChat" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</netHttpBinding>
</bindings>
<protocolMapping>
<add scheme="http" binding="netHttpBinding"/>
</protocolMapping>
<services>
<service name="WcfWSChat.WSChatService"
behaviorConfiguration="Behavior1" >
<endpoint address=""
binding="netHttpBinding"
bindingConfiguration="Binding1"
contract="WcfWSChat.IWSChatService" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
我认为问题在于
,无论何时运行项目,无论是在IIS Express还是IIS 8.0上,我都会遇到以下错误:
找不到与绑定为NetHttpBinding的终结点的方案https匹配的基址。注册的基址方案为[http]
如果我将模式
属性更改为无
,我将不再看到错误,但验证不起作用
我怎样才能解决这个问题 似乎与您注册为服务凭据的证书有关 我将尝试从
服务行为
中删除服务证书
如果您想通过该证书强制SSL,那么我将在绑定部分将您的安全模式更新为
TransportWithMessageCredential
,并将您的协议映射方案更改为https
,我想您已经接近解决方案了。我试图复制你的问题,这就是我的想法
如果没有看到上面突出显示的任何错误消息,则可以跳过步骤5。我只是把它放在这里以防万一
注意:我将我的证书安装在Personal下的证书存储中,将CA安装在trusted Root certificate中。此示例仅在同一台计算机下工作,因为我的证书名只是localhost。顺便说一下,我在这里使用了.NETFramework4.5
以下是我的完整配置:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1" behaviorConfiguration="ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/"/>
</baseAddresses>
</host>
<endpoint address="" binding="netHttpBinding" bindingConfiguration="netHttpBinding" contract="WcfServiceLibrary1.IService1" name="WcfServiceLibrary1.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" listenUriMode="Explicit" />
</service>
</services>
<behaviors>
<serviceBehaviors >
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
**<!-- Retain your custom username password validator here -->**
</serviceCredentials>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netHttpBinding>
<binding name="netHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</netHttpBinding>
</bindings>
<protocolMapping>
<add scheme="https" binding="netHttpBinding"/>
</protocolMapping>
</system.serviceModel>
</configuration>
****
我想使用自签名证书而不是SSLI不明白你的意思。。。您是否计划将证书用作凭据,但不使用它加密流量?您可能还需要考虑向证书添加正确的权限,以便您的应用程序能够访问证书的私钥。伙计们,我认为您应该使用netHttpsBinding
,而不是进行这些映射。只是一个想法。另外,您必须设置baseAddress
来解决“找不到…”问题的原因是,应用程序没有向HTTP.sys注册地址(因为您进行了映射,但在https地址上实际上没有绑定任何内容)。使用正确的绑定应该可以解决这个问题。谢谢你提供的信息,我已经考虑过了,但我克制自己去改变他的绑定,因为这是他想要的方式。尽管如此,netHttpBinding对这个问题仍然有效:)这个问题有什么进展吗?
<protocolMapping>
<add scheme="https" binding="netHttpBinding"/>
</protocolMapping>
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/"/>
</baseAddresses>
</host>
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1" behaviorConfiguration="ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/"/>
</baseAddresses>
</host>
<endpoint address="" binding="netHttpBinding" bindingConfiguration="netHttpBinding" contract="WcfServiceLibrary1.IService1" name="WcfServiceLibrary1.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" listenUriMode="Explicit" />
</service>
</services>
<behaviors>
<serviceBehaviors >
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
**<!-- Retain your custom username password validator here -->**
</serviceCredentials>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netHttpBinding>
<binding name="netHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</netHttpBinding>
</bindings>
<protocolMapping>
<add scheme="https" binding="netHttpBinding"/>
</protocolMapping>
</system.serviceModel>
</configuration>