从Silverlight 4调用HTTPS-WCF服务时出现安全错误
我已经创建了一个简单的WCF服务,我想通过https访问它。WCF服务使用UserNamePasswordValidator、customBinding和UserNameOverTransport作为身份验证模式。我在IIS7.5中运行它,在那里我创建了一个自签名服务器证书 我尝试使用Silverlight 4应用程序连接到该服务。我在我的Silverlight 4应用程序中创建了一个服务引用,VS 2010会自动创建所需的代码(因此它显然能够连接到服务并获取信息) 当我调用WCF时,我得到一个SecurityException,没有关于原因的信息 我让小提琴手跑去看发生了什么事 找不到GET 404(文本/html)从Silverlight 4调用HTTPS-WCF服务时出现安全错误,silverlight,wcf,https,securityexception,Silverlight,Wcf,Https,Securityexception,我已经创建了一个简单的WCF服务,我想通过https访问它。WCF服务使用UserNamePasswordValidator、customBinding和UserNameOverTransport作为身份验证模式。我在IIS7.5中运行它,在那里我创建了一个自签名服务器证书 我尝试使用Silverlight 4应用程序连接到该服务。我在我的Silverlight 4应用程序中创建了一个服务引用,VS 2010会自动创建所需的代码(因此它显然能够连接到服务并获取信息) 当我调用WCF时,我得到一个
GET 200 OK(文本/xml) 因此,crossdomain.xml的GET似乎是对服务器的最后一次调用 crossdomain.xml如下所示:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
以下是我的WCF服务的Web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="ServiceConfiguratorDataSource.Service" behaviorConfiguration="ServiceConfiguratorDataSourceBehaviour">
<endpoint address="" binding="customBinding" bindingConfiguration="ServiceConfiguratorCustomBinding" contract="ServiceConfiguratorDataSource.IService" />
</service>
</services>
<bindings>
<customBinding>
<binding name="ServiceConfiguratorCustomBinding">
<security authenticationMode="UserNameOverTransport"></security>
<binaryMessageEncoding></binaryMessageEncoding>
<httpsTransport/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceConfiguratorDataSourceBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ServiceConfiguratorDataSource.UserCredentialsValidator,ServiceConfiguratorDataSource" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
这里是servicerences.ClientConfig
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IService">
<security authenticationMode="UserNameOverTransport" includeTimestamp="true">
<secureConversationBootstrap />
</security>
<binaryMessageEncoding />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://my.server:8099/ServiceConfiguratorDataSource/Service.svc" binding="customBinding" bindingConfiguration="CustomBinding_IService" contract="WCFDataProvider.IService" name="CustomBinding_IService" />
</client>
</system.serviceModel>
</configuration>
我不知道问题的原因是什么
提前感谢,Frank您的clientaccesspolicy.xml是否允许https?
示例。Samvel Siradeghyan提供的working clientaccesspolicy.xml->Tipp
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="https://*"/>
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
你是我的英雄!对clientaccesspolicy.xml的更改成功了!有趣的是,我需要允许http,即使我没有在我的请求中使用它,但只有使用https选项,我仍然得到了安全错误!我将在下面发布我的working clientaccesspolicy.xml,也许其他人也会遇到同样的问题。
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="https://*"/>
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>