我有一个启用了 wsHttpBindings 和 SSL 的 WCF 服务,但我想启用 WCF session 。
将 SessionMode 更改为必需后
SessionMode:=SessionMode.Required
我收到如下所述的错误。
Contract requires Session, but Binding 'WSHttpBinding' doesn't support it or isn't configured properly to support it.
这是我的示例应用程序。
App.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<client />
<bindings>
<wsHttpBinding>
<binding name="NewBinding0" useDefaultWebProxy="false" allowCookies="true">
<readerQuotas maxStringContentLength="10240" />
<!--reliableSession enabled="true" /-->
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" >
<extendedProtectionPolicy policyEnforcement="Never" />
</transport >
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="WcfServiceLib.TestService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"
contract="WcfServiceLib.ITestService">
<identity>
<servicePrincipalName value="Local Network" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://test/TestService.svc" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
ITestService.vb
<ServiceContract(SessionMode:=SessionMode.Required)>
Public Interface ITestService
<OperationContract(IsInitiating:=True, IsTerminating:=False)> _
Function GetData(ByVal value As Integer) As String
End Interface
TestService.vb
<ServiceBehavior(InstanceContextMode:=InstanceContextMode.PerSession, _
ReleaseServiceInstanceOnTransactionComplete:=False, _
ConcurrencyMode:=ConcurrencyMode.Single)>
Public Class TestService
Implements ITestService
Private _user As User
<OperationBehavior(TransactionScopeRequired:=True)>
Public Function GetData(ByVal value As Integer) As String _
Implements ITestService.GetData
If _user Is Nothing Then
_user = New User()
_user.userName = "User_" & value
_user.userPassword = "Pass_" & value
Return String.Format("You've entered: {0} , Username = {1} , Password = {2} ", _
value, _user.userName, _user.userPassword)
Else
Return String.Format("Username = {1} , Password = {2} ", _
_user.userName, _user.userPassword)
End If
End Function
End Class
我尝试了所有可能的解决方案,但没有任何帮助。
一些启用可靠 session 的建议,但它不适用于ssl(如果您有自定义绑定(bind)),其他建议使用http 而不是 https,但如果可能的话,我想使用我当前的配置启用 session 。
有什么方法可以实现吗?
非常感谢任何形式的帮助。
最佳答案
如果您想要与 wsHttpBinding 进行“ session ”,则必须使用可靠的消息传递或安全 session 。 (来源:how to enable WCF Session with wsHttpBidning with Transport only Security)。
WSHttpBinding 支持 session ,但前提是启用了安全性 (SecureConversation) 或可靠的消息传递。 如果您正在使用传输安全,则它不会使用 WS-SecureConversation,并且 WS-ReliableMessaging 默认情况下处于关闭状态。因此,WSHttpBinding 用于 session 的两个协议(protocol)不可用。您要么需要使用消息安全性,要么打开可靠 session 。 (来源:http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/57b3453e-e7e8-4875-ba23-3be4fff080ea/)。
我们在标准绑定(bind)中不允许 RM over Https,因为保护 RM session 的方法是使用安全 session ,而 Https 不提供 session 。
我在这里找到了关于它的 msdn 简介:http://msdn2.microsoft.com/en-us/library/ms733136.aspx 宣传语是“唯一的异常(exception)是使用 HTTPS 时。 SSL session 未绑定(bind)到可靠 session 。这会造成威胁,因为共享安全上下文的 session (SSL session )没有相互保护;这可能是也可能不是真正的威胁,具体取决于应用程序。”
但是,如果您确定没有威胁,则可以这样做。有一个通过自定义绑定(bind)的 RM over HTTPS 示例 http://msdn2.microsoft.com/en-us/library/ms735116.aspx (来源:http://social.msdn.microsoft.com/forums/en-US/wcf/thread/fb4e5e31-e9b0-4c24-856d-1c464bd0039c/)。
为了总结您的可能性,您可以:
1 - 保留 wsHttpBinding,删除传输安全并启用可靠的消息传递
<wsHttpBinding>
<binding name="bindingConfig">
<reliableSession enabled="true" />
<security mode="None"/>
</binding>
</wsHttpBinding>
但是您失去了 SSL 层,然后失去了部分安全性。
2 - 保留wsHttpBinding,保留传输安全并添加消息认证
<wsHttpBinding>
<binding name="bindingConfig">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
您可以保留 SSL 安全层,但您的客户端必须提供(任何形式的)凭据,即使您不在服务端验证它们,仍必须提供假的凭据,因为 WCF 将拒绝任何消息不指定凭据。
3 - 使用具有可靠消息传递和 HTTPS 传输的自定义绑定(bind)
<customBinding>
<binding name="bindingConfig">
<reliableSession/>
<httpsTransport/>
</binding>
</customBinding>
除了 MSDN 中解释的威胁之外,我看不出这有任何缺点,这取决于您的应用程序。
4 - 使用其他 session 提供程序 如果您的应用程序在 IIS 中启动,您可以设置
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
并依赖于
HttpContext.Current.Session
为您所在的州。
或实现您自己的 cookie。
PS:请注意,对于所有这些 WCF 配置,我只测试了服务激活,而不是调用。
编辑:根据用户请求,wsHttpBinding 与 TransportWithMessageCredential 安全模式实现 session (我不太熟悉 VB.NET,所以请原谅我的语法):
服务代码片段:
<ServiceContract(SessionMode:=SessionMode.Required)>
Public Interface IService1
<OperationContract()> _
Sub SetSessionValue(ByVal value As Integer)
<OperationContract()> _
Function GetSessionValue() As Nullable(Of Integer)
End Interface
<ServiceBehavior(InstanceContextMode:=InstanceContextMode.PerSession,
ConcurrencyMode:=ConcurrencyMode.Single)>
Public Class Service1
Implements IService1
Private _sessionValue As Nullable(Of Integer)
Public Sub SetSessionValue(ByVal value As Integer) Implements IService1.SetSessionValue
_sessionValue = value
End Sub
Public Function GetSessionValue() As Nullable(Of Integer) Implements IService1.GetSessionValue
Return _sessionValue
End Function
End Class
Public Class MyUserNamePasswordValidator
Inherits System.IdentityModel.Selectors.UserNamePasswordValidator
Public Overrides Sub Validate(userName As String, password As String)
' Credential validation logic
Return ' Accept anything
End Sub
End Class
服务配置片段:
<system.serviceModel>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior">
<endpoint address="" binding="wsHttpBinding" contract="WcfService1.IService1" bindingConfiguration="bindingConf"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="bindingConf">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfService1.MyUserNamePasswordValidator, WcfService1"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
客户端测试代码片段:
Imports System.Threading.Tasks
Module Module1
Sub Main()
Parallel.For(0, 10, Sub(i) Test(i))
Console.ReadLine()
End Sub
Sub Test(ByVal i As Integer)
Dim client As ServiceReference1.Service1Client
client = New ServiceReference1.Service1Client()
client.ClientCredentials.UserName.UserName = "login"
client.ClientCredentials.UserName.Password = "password"
Console.WriteLine("Session N° {0} : Value set to {0}", i)
client.SetSessionValue(i)
Dim response As Nullable(Of Integer)
response = client.GetSessionValue()
Console.WriteLine("Session N° {0} : Value returned : {0}", response)
client.Close()
End Sub
End Module
关于.net - 如何在 WCF 中使用 SSL wsHttpBinding 启用 session ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12578409/