WCF service proxy generation throws an error when exposed through an F5 load balancer

Time: 2014-11-07 17:53:23

Tags: c# wcf ssl https load-balancing

I am exposing my service from the corporate network to the public network.

My certificate is *.mydomain.com, a generic certificate.

My service's load balancer URL is:

https://myservice.mydomain.com/service1.svc

I have two app servers, with the URLs:

http://myservice1.mydomain.com/service1.svc
http://myservice2.mydomain.com/service1.svc

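We use SSL offloading on the F5 load balancer. So from the outside world to the F5 LB it is https, and from the LB to the app servers it is http. We configured the certificate on the F5 LB.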

When I hit the LB service URL in the browser, I get the "service created" page:

MyService Service

You have created a service.

To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:    

svcutil.exe http://myservice.mydomain.com/service1.svc?wsdl

You can also access the service description as a single file:

http://myservice.mydomain.com/service1.svc?singleWsdl

When I add a service reference from my client application using the load balancer URL, I get the following error:

The document was understood, but it could not be processed.
  - The WSDL document contains links that could not be resolved.
  - There was an error downloading 'http://myservice.mydomain.com/service1.svc?wsdl=wsdl0'.
  - Unable to connect to the remote server
  - No connection could be made because the target machine actively refused it 207.187.164.30:80
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
If the service is defined in the current solution, try building the solution and adding the service reference again.

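But when I access my two app server URLs directly from inside the network, I am able to generate the proxy and my service works fine. When I try to generate the proxy from outside the network through the LB URL, I get the error mentioned above.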

My service binding is:

<service behaviorConfiguration="DefaultBehavior" name="MyServices.MyService">
  <endpoint binding="wsHttpBinding" contract="MyServices.IMyService" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>

And the corresponding behavior is:

<behavior name="DefaultBehavior">
  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
  <serviceDebug includeExceptionDetailInFaults="true"/>
  <errorHandler/>
</behavior>

Please help me resolve this issue.

1 answer:

Answer 0 (score: 1)

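Although I expose the service from my nodes as http, the F5 LB is doing SSL offloading, so my service through the F5 LB is https. Since I expose the metadata from my nodes over the http scheme and the F5 LB does not support the http scheme, the http URL for WSDL generation is blocked at the F5 LB, and so I could not generate the proxy.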

Later I learned from my infrastructure team that exposing metadata to clients in production is a security concern, so we block it.

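Now the question is: how do clients consume the service when we do not expose the metadata endpoint? The simple answer is to use a channel factory, and to create the proxy and call the service methods through the F5 LB's https URL. That is how I solved the problem.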
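
The channel-factory approach described in the answer, sketched as an added example (not the poster's code): the client builds its proxy from a shared contract and the load balancer's https URL, so no WSDL or mex endpoint has to be reachable. Assumptions: the `Ping` operation is a hypothetical placeholder because the page shows no operations of `IMyService`, the contract uses the default name and namespace, and the service behind the F5 is configured to accept the offloaded request without message-level credentials.

```csharp
using System;
using System.ServiceModel;

// Client-side copy of the service contract, distributed as source or as an
// assembly instead of being generated from metadata.
// Ping is an assumed operation; the page does not list the real ones.
[ServiceContract]
public interface IMyService
{
    [OperationContract]
    string Ping(string message);
}

public static class Client
{
    public static void Main()
    {
        // The client only ever talks to the F5's HTTPS listener, so the
        // binding uses transport security. TLS terminates at the F5, so no
        // client credential is sent at the transport level (assumption).
        var binding = new WSHttpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        // Load balancer URL from the question; the http node URLs are never used.
        var address = new EndpointAddress("https://myservice.mydomain.com/service1.svc");

        var factory = new ChannelFactory<IMyService>(binding, address);
        IMyService proxy = factory.CreateChannel();
        var channel = (IClientChannel)proxy;
        try
        {
            Console.WriteLine(proxy.Ping("hello"));
            channel.Close();
            factory.Close();
        }
        catch (Exception ex) when (ex is CommunicationException || ex is TimeoutException)
        {
            // Close() can itself throw on a faulted channel, so abort instead.
            channel.Abort();
            factory.Abort();
            throw;
        }
    }
}
```

With the client built this way, `httpGetEnabled`, `httpsGetEnabled` and the `mex` endpoint can be switched off in the production configuration without affecting callers.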