使用HTTPS以编程方式配置ServiceHost端点?

时间:2015-05-01 20:41:18

标签: wcf servicehost

我正在使用无文件激活,这是我在服务器端的完整web.config,它有两个端点:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="entityFramework" 
             type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
             requirePermission="false" />
  </configSections>
  <connectionStrings>
    <add name="RedStripe"
         connectionString="Data Source=S964;Initial Catalog=MyDatabase;Persist Security Info=True;User ID=sa;Password=***;MultipleActiveResultSets=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="mssqllocaldb" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
  <system.web>
    <customErrors mode="Off"/>
  </system.web>
  <system.serviceModel>
    <serviceHostingEnvironment>
      <!-- where virtual .svc files are defined -->
      <serviceActivations>     
        <add service="Company.Project.Business.Services.AccountClassService" 
             relativeAddress="Account/AccountClassService.svc" 
             factory="Company.Project.WebHost.CustomServiceHostFactory"/>

        <add service="Company.Project.Business.Services.AccountService"
             relativeAddress="Account/AccountService.svc"
             factory="Company.Project.WebHost.CustomServiceHostFactory"/>

      </serviceActivations>
    </serviceHostingEnvironment>
  </system.serviceModel>
</configuration>

这是我的CustomServiceHostFactory:

public class CustomServiceHostFactory : ServiceHostFactory
{
    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        return new CustomServiceHost(serviceType, baseAddresses);
    }
}

这是我的CustomServiceHost:

public class CustomServiceHost : ServiceHost
{        
    public CustomServiceHost(Type serviceType, Uri[] baseAddresses)
        : base(serviceType, baseAddresses)
    {
    }

    protected override void InitializeRuntime()
    {
        AddServiceDebugBehavior();
        AddWcfMessageLoggingBehavior();
        AddGlobalErrorHandlingBehavior();
        AddServiceCredentialBehavior();
        AddEndpoints();
        ConfigureThrottling();
        base.InitializeRuntime();
    }

    private void AddEndpoints()
    {
        var wsHttpBinding = WcfHelpers.ConfigureWsHttpBinding();

        foreach (Uri address in BaseAddresses)
        {
            var endpoint = new ServiceEndpoint(
                ContractDescription.GetContract(Description.ServiceType),
                wsHttpBinding, new EndpointAddress(address));

            AddServiceEndpoint(endpoint);

            //adding mex
            AddServiceMetadataBehavior();
            AddServiceEndpoint(
                ServiceMetadataBehavior.MexContractName,
                MetadataExchangeBindings.CreateMexHttpBinding(),
                address.AbsoluteUri + "/mex");

            break;
        }
    }
    private void AddGlobalErrorHandlingBehavior()
    {
        var errorHanlderBehavior = Description.Behaviors.Find<GlobalErrorBehaviorAttribute>();

        if (errorHanlderBehavior == null)
        {
            Description.Behaviors.Add(new GlobalErrorBehaviorAttribute(typeof(GlobalErrorHandler)));
        }
    }

    private void AddServiceCredentialBehavior()
    {
        var credentialBehavior = Description.Behaviors.Find<ServiceCredentials>();

        if (credentialBehavior == null)
        {
            var customAuthenticationBehavior = new ServiceCredentials();
            customAuthenticationBehavior.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
            customAuthenticationBehavior.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNamePasswordValidator();
            Description.Behaviors.Add(customAuthenticationBehavior);
        }
    }
    private void AddServiceDebugBehavior()
    {
        var debugBehavior = Description.Behaviors.Find<ServiceDebugBehavior>();

        if (debugBehavior == null)
        {
            Description.Behaviors.Add(
                new ServiceDebugBehavior() {IncludeExceptionDetailInFaults = true});
        }
        else
        {
            if (!debugBehavior.IncludeExceptionDetailInFaults)
                debugBehavior.IncludeExceptionDetailInFaults = true;
        }
    }
    private void AddServiceMetadataBehavior()
    {
        var metadataBehavior = Description.Behaviors.Find<ServiceMetadataBehavior>();

        if (metadataBehavior == null)
        {
            ServiceMetadataBehavior serviceMetadataBehavior = new ServiceMetadataBehavior();
            serviceMetadataBehavior.HttpsGetEnabled = true;
            Description.Behaviors.Add(serviceMetadataBehavior);
        }
    }
    private void AddWcfMessageLoggingBehavior()
    {
        var messageInspectorBehavior = Description.Behaviors.Find<WcfMessageInspector>();

        if (messageInspectorBehavior == null)
        {
            Description.Behaviors.Add(new WcfMessageInspector());
        }
    }
    private void ConfigureThrottling()
    {
        var throttleBehavior = Description.Behaviors.Find<ServiceThrottlingBehavior>();

        if (throttleBehavior != null) return;

        throttleBehavior = new ServiceThrottlingBehavior
        {
            MaxConcurrentCalls = 100,
            MaxConcurrentInstances = 100,
            MaxConcurrentSessions = 100
        };

        Description.Behaviors.Add(throttleBehavior);
    }
}

最后,这里是定义绑定的WcfHelper。这是在共享位置,因此我可以使用相同的方式以编程方式配置客户端绑定:

public class WcfHelpers
{
    public static WSHttpBinding ConfigureWsHttpBinding()
    {
        return new WSHttpBinding
        {
            Name = "myWSHttpBinding",                
            OpenTimeout = new TimeSpan(0, 10, 0),
            CloseTimeout = new TimeSpan(0, 10, 0),
            SendTimeout = new TimeSpan(0, 10, 0),
            MaxBufferPoolSize = 104857600,
            MaxReceivedMessageSize = 104857600,
            Namespace = Constants.RedStripeNamespace,
            ReaderQuotas = new XmlDictionaryReaderQuotas()
            {
                MaxDepth = 104857600,
                MaxStringContentLength = 104857600,
                MaxArrayLength = 104857600,
                MaxBytesPerRead = 104857600,
                MaxNameTableCharCount = 104857600
            },
            Security =
            {
                Mode = SecurityMode.TransportWithMessageCredential,
                Message = { ClientCredentialType = MessageCredentialType.UserName }
            }
        };

    }
}

当我发布这个WebHost项目并尝试浏览两个addreses之一时,如下所示: https://myserver/Project/Account/AccountService.svc 我收到以下错误:

  

提供的URI方案“http”无效;预计'https'。参数   name:context.ListenUriBaseAddress

我注意到在CustomServiceHost AddEndpoints()方法中,当循环遍历BaseAddresses时,如果我对地址进行硬编码,那么: https://myserver/Project/Account/AccountService.svc 然后我可以成功浏览它。使用无文件激活和相对寻址时,如何构建BaseAddresses?我在哪里可以指定他们使用https(现在看来他们正在使用http)?

提前致谢。

编辑1:这将解决问题,但似乎完全是黑客攻击,我在哪里使用无文件激活指定https,以便相对地址使用https构建?

var endpoint = new ServiceEndpoint(ContractDescription.GetContract(Description.ServiceType),
wsHttpBinding, new EndpointAddress(address.OriginalString.Replace("http:", "https:")));

编辑2:我想我已经了解了这里发生了什么。谢谢@Andreas K指出我正确的方向。如果我进入IIS并查看该站点的绑定,则有多个图像所示:enter image description here

在循环遍历BaseAddresses时,我将一些代码写入我的AddEndpoints()方法内的数据库。当我尝试使用浏览器来访问这样的服务时:https://my.server.local/Project/Account/AccountService.svc,在数据库中创建了两个条目。 http://my.server.local/Project/Account/AccountService.svc https://my.server.local/Project/Account/AccountService.svc

因此,似乎正在拾取IIS SITE BINDING。但是,现在我不确定为什么数据库中没有更多的BaseAddresses条目。 net.pipe,net.tcp等在哪里?

2 个答案:

答案 0 :(得分:2)

事实证明BaseAddresses来自我的Update 2中提到的IIS绑定,并再次感谢@Andreas K指出了我正确的方向。在IIS中,我有一个网站,其下有多个应用程序。我在这些绑定上启用了http和https。我在CustomServiceHost中更新了我的AddEndpoings()方法,如下所示:

private void AddEndpoints()
{
    var wsHttpBinding = WcfHelpers.ConfigureWsHttpBinding();

    foreach (var address in BaseAddresses.Where(a => a.Scheme == Uri.UriSchemeHttps))
    {
        var endpoint = new ServiceEndpoint(
            ContractDescription.GetContract(Description.ServiceType),
            wsHttpBinding, 
            new EndpointAddress(address));

        AddServiceEndpoint(endpoint);
        AddServiceMetadataBehavior();
    }
}

由于站点下的其他应用程序需要http,因此我的BaseAddresses总是包含两个(http和https)。我需要手动过滤http,因为我不想为这个特定网站公开它们。现在我知道他们如何居住我很满意。谢谢大家。

答案 1 :(得分:0)

试试这个:

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
cert = store.Certificates.Find(X509FindType.FindBySubjectName, certSubject, false)[0];

要获得证书,请执行以下操作(注意证书必须在证书库中):

var array = [
  {
    fields: { title: "Some title here" },
    sys: { id: "1234" }
  },
  {
    fields: { title: "Another one there" },
    sys: { id: "13456" }
  },
  {
    fields: { title: "Final example" },
    sys: { id: "234" }
  },
  {
    fields: { title: "Most final thing" },
    sys: { id: "4665" }
  },
];

这将在没有IIS的情况下运行。如果您使用的是IIS,则不需要将证书绑定到端口(我认为)