如何在WCF RESTful服务上启用HTTPS?

时间:2015-03-25 02:53:28

标签: c# wcf rest ssl

如何让wcf通过https工作。我想在https上使用这个wcf我搜索了很多文章我没有得到答案请帮助我对wcf概念的新手。我想从ajax,jquery

中调用它 
 <system.serviceModel >
<services>
  <service
    name="WcfRestfulService.HttpService" behaviorConfiguration="ServiceBehaviour" >
    <endpoint address="" binding="webHttpBinding" behaviorConfiguration="web"
              contract="WcfRestfulService.IHttpService">
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

3 个答案:

答案 0 :(得分:35)

您似乎正在使用WCF构建RESTful服务,并且非常接近以保护它。

您需要采取以下措施来保护它:

  1. 添加安全模式设置为WebHttpBinding的新Transport配置。
  2. 将新的WebHttpBinding配置分配给您的服务端点绑定。
  3. 确保只能通过设置httpGetEnabled="false"
    4. 来通过HTTPS访问您的RESTful服务
  4. 设置元数据发布端点以使用HTTPS。

    5. 这些更改在修订后的配置文件中总结如下(请参阅有关更改的点的注释)。另请注意,您的服务端点必须使用HTTPS方案,而不是HTTP。

    <system.serviceModel >
  <services>
     <service name="WcfRestfulService.HttpService"
              behaviorConfiguration="ServiceBehaviour" >
         <endpoint address="" 
                   binding="webHttpBinding"
                   <!-- Add reference to secure WebHttpBinding config -->
                   bindingConfiguration="webHttpTransportSecurity"
                   behaviorConfiguration="web"
                   contract="WcfRestfulService.IHttpService" />
         <!-- Need to make sure that our metadata 
              publishing endpoint is using HTTPS as well -->
         <endpoint address="mex"
                   binding="mexHttpsBinding"
                   contract="IMetadataExchange" />
     </service>
  </services>
  <!-- Add secure WebHttpBinding config -->
  <bindings>
     <webHttpBinding>
        <binding name="webHttpTransportSecurity">
           <security mode="Transport" />
         </binding>
      </webHttpBinding>
  </bindings>
  <behaviors>
      <serviceBehaviors>
         <behavior name="ServiceBehaviour">
             <serviceMetadata httpsGetEnabled="true"
                              <!-- Make sure the service can 
                                 be accessed only via HTTPS -->
                              httpGetEnabled="false"/>
             <serviceDebug includeExceptionDetailInFaults="false"/>
         </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
         <behavior name="web">
             <webHttp/>
         </behavior>
      </endpointBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

答案 1 :(得分:2)

您需要在绑定中设置security mode="Transport" 

  <basicHttpBinding>
    <binding name="secureHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </basicHttpBinding>

详细了解MSDN

答案 2 :(得分:0)

我遇到了同样的问题,但是想测试HTTP get请求,因为我的服务是内部的。

请记住也要启用HTTPS Get。 httpsGetEnabled="true"

我的配置如下:

   <bindings >
      <basicHttpBinding>
        <binding name="secureHttpBinding" >
          <security mode="Transport" />
        </binding>
   </bindings>
    .....
    <behaviors>
      <serviceBehaviors>
        <behavior >
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
       </serviceBehaviors>
     </behaviors>
相关问题
最新问题