我创建了一个简单的WCF REST服务,我打算从iPhone应用程序中使用它。 该服务工作正常,但现在我想保护它。
在我的测试环境中(Windows 7上的IIS)我已经使用makecert.exe设置了自签名证书。
我还覆盖了validate()方法,因此我可以使用自定义用户名&密码(因为Windows身份验证是不可能的)。
现在我被困了两天以上,想办法如何配置一切,以便它可以工作。
我现在的目标是能够通过浏览器执行简单的GET请求,例如:
https://localhost/testservice/service1.svc/sayHello
如果这样可行,我将继续阅读所有与iPhone相关的内容。
任何帮助/示例都将受到高度赞赏!
这是我的web.config:
<system.serviceModel>
<services>
<service name="IphoneWcf.Service1" behaviorConfiguration="IphoneWcf.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="webBinding" behaviorConfiguration="webBehavior" contract="IphoneWcf.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> -->
<host>
<baseAddresses>
<add baseAddress="https://localhost/iphonewcf" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webBehavior">
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="IphoneWcf.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="webBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
提前致谢!
答案 0 :(得分:1)
另一种选择是为客户端身份验证创建另一个证书。我很确定iPhone支持X509证书。只需将您的配置更改为客户端凭据类型为“证书”即可。这适用于基本身份验证,但如果您想要唯一标识每个客户端,您仍可能需要通过Basic自定义用户/名称pwd。
答案 1 :(得分:0)
您不必重写任何方法。只需在basicHttpBinding中声明Digest传输安全性:
<bindings>
<basicHttpBinding>
<binding name="SecurityByTransport">
<security mode="Transport">
<transport clientCredentialType="Digest" />
</security>
</binding>
</basicHttpBinding>
</bindings>
在iPhone应用中,您处理NSURLConnectionDelegate connection:didReceiveAuthenticationChallenge消息,如Handling Authentication Challenges所示:
-(void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge previousFailureCount] == 0) {
NSURLCredential *newCredential;
newCredential=[NSURLCredential credentialWithUser:[self preferencesName]
password:[self preferencesPassword]
persistence:NSURLCredentialPersistenceNone];
[[challenge sender] useCredential:newCredential
forAuthenticationChallenge:challenge];
} else {
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}