我将实现一个在 NetHttpBinding 下工作的 Web 服务支持双工连接。但问题是我不知道如何保护它。我试过使用 CostumUserNamePasswordValidationMode , 这是我的 web.config :
<behaviors>
<serviceBehaviors>
<behavior name="Behavior1">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="MyWebSite"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfWSChat.UserNamePassValidator, WcfWSChat" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</netHttpBinding>
</bindings>
<protocolMapping>
<add scheme="http" binding="netHttpBinding"/>
</protocolMapping>
<services>
<service name="WcfWSChat.WSChatService"
behaviorConfiguration="Behavior1" >
<endpoint address=""
binding="netHttpBinding"
bindingConfiguration="Binding1"
contract="WcfWSChat.IWSChatService" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
我认为问题是<security mode="Message"> ,每当我运行该项目时,无论是在 IIS Express 还是 IIS 8.0 上,我都会收到此错误:
Could not find a base address that matches scheme https for the endpoint with binding NetHttpBinding. Registered base address schemes are [http].
如果我改变 mode属性(property)None ,我不会再看到错误,但验证不起作用!
我该如何解决这个问题?
最佳答案
我认为您已经接近解决方案了。我试图复制您的问题,这就是我的想法。
- 在您的 ServiceMetadata 中添加 httpsGetEnabled 并将其设置为 true。元数据交换将在 HTTPS 中进行:
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
- 将 mexHttpBinding 更改为 mexHttpsBinding :
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
- 在您的绑定(bind)中添加:
<netHttpBinding> <binding name="netHttpBinding"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> </netHttpBinding>
- 由于 netHttpBinding 默认使用 http,我们需要一些映射。
<protocolMapping> <add scheme="https" binding="netHttpBinding"/> </protocolMapping>
- 出于某种原因,即使我将 protocolMapping 更改为对 netHttpBinding 使用 HTTPS,我仍然收到一条错误消息,提示 “找不到与具有绑定(bind) NetHttpBinding 的端点的方案 https 匹配的基地址。已注册的基地址方案是 [http]。”。
所以我所做的是,我在我的服务下添加了这样的地址:
<host> <baseAddresses> <add baseAddress="https://localhost/Services/"/> </baseAddresses> </host>
如果您没有看到上面突出显示的任何错误消息,您可以跳过第五步。我只是把它放在这里以防万一。
注意:我将我的证书安装在个人下的证书存储中,并将 CA 安装在受信任的根证书中。此示例仅在同一台机器下工作,因为我的证书名称只是 localhost。顺便说一下,我在这里使用的是 .Net framework 4.5。
下面是我的完整配置:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1" behaviorConfiguration="ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/"/>
</baseAddresses>
</host>
<endpoint address="" binding="netHttpBinding" bindingConfiguration="netHttpBinding" contract="WcfServiceLibrary1.IService1" name="WcfServiceLibrary1.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" listenUriMode="Explicit" />
</service>
</services>
<behaviors>
<serviceBehaviors >
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
**<!-- Retain your custom username password validator here -->**
</serviceCredentials>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netHttpBinding>
<binding name="netHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</netHttpBinding>
</bindings>
<protocolMapping>
<add scheme="https" binding="netHttpBinding"/>
</protocolMapping>
</system.serviceModel>
</configuration>
关于c# - 保护 WCF NetHttpBinding 的最有效方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31840443/