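Forcing WCF to use HTTPS

Time: 2011-12-29 14:09:20

Tags: wcf https

How do I make sure my WCF service runs over HTTPS and that all communication goes over HTTPS?

My web.config file does not specify http:// ... or https:// ... anywhere.

HTTPS is set up in IIS, and I can access the web service over both http and https.

Or is this not needed if it is already encrypted with message-level security?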

<bindings>
  <wsHttpBinding>
    <binding name="Binding1" maxReceivedMessageSize="20000000">
      <security mode="Message">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

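2 answers:

Answer 0 (score: 2)

HTTPS is HTTP over Transport Layer Security (TLS). To enable it, you need to configure the binding to use transport security in addition to the existing message-level security: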

<bindings>
  <wsHttpBinding>
    <binding name="Binding1" maxReceivedMessageSize="20000000">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Answer 1 (score: 1)

Here is the configuration for https:

<services>
  <service name="WcfTransport.Service1" behaviorConfiguration="MyHttpsBehaviour">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurityBinding" contract="WcfTransport.IService1"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service>
</services>

<behaviors>
  <serviceBehaviors >
    <behavior name="MyHttpsBehaviour" >
      <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurityBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows"></transport>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

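Note that httpsGetEnabled is set to true and httpGetEnabled is set to false. You can also remove the mex endpoint if you don't need metadata exchange.

P.S. Message security is for message encryption, but of course you can use message security with https.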
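
An added example, not from the question or either answer: a small Python check that reads a `<system.serviceModel>` section and reports the settings discussed above that leave the service reachable over plain HTTP. The service and contract names in the sample are constructed, and the check only covers the `*HttpBinding` types, `mexHttpBinding` and `serviceMetadata`.

```python
import xml.etree.ElementTree as ET

# Security modes under which WCF only accepts an https:// endpoint address.
TLS_MODES = {"Transport", "TransportWithMessageCredential"}

def audit_service_model(config_xml):
    """Return findings for settings that leave a WCF service reachable over plain HTTP."""
    root = ET.fromstring(config_xml)
    findings = []
    # (binding type, configuration name) -> declared security mode, None if absent.
    modes = {}
    for bindings in root.iter("bindings"):
        for kind in bindings:
            for b in kind.iterfind("binding"):
                sec = b.find("security")
                modes[(kind.tag, b.get("name", ""))] = None if sec is None else sec.get("mode")
    for svc in root.iter("service"):
        for ep in svc.iterfind("endpoint"):
            kind = ep.get("binding", "")
            where = f"{svc.get('name')} endpoint '{ep.get('address', '')}'"
            if kind == "mexHttpBinding":
                findings.append(f"{where}: metadata exchange over http (use mexHttpsBinding)")
            elif kind.endswith("HttpBinding"):
                mode = modes.get((kind, ep.get("bindingConfiguration", "")))
                if mode not in TLS_MODES:
                    findings.append(f"{where}: {kind} security mode {mode!r} does not require https")
    for md in root.iter("serviceMetadata"):
        if md.get("httpGetEnabled", "false").lower() == "true":
            findings.append("serviceMetadata: httpGetEnabled=true serves WSDL over http")
    return findings

# Constructed sample (names are made up); the {placeholders} are filled in per case.
SAMPLE = """<system.serviceModel>
  <services>
    <service name="Demo.Service" behaviorConfiguration="B">
      <endpoint address="" binding="wsHttpBinding" bindingConfiguration="Binding1" contract="Demo.IService"/>
      <endpoint address="mex" binding="{mex}" contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors><serviceBehaviors><behavior name="B">
    <serviceMetadata httpGetEnabled="{http_get}"/>
  </behavior></serviceBehaviors></behaviors>
  <bindings><wsHttpBinding><binding name="Binding1">
    <security mode="{mode}"><message clientCredentialType="UserName"/></security>
  </binding></wsHttpBinding></bindings>
</system.serviceModel>"""

if __name__ == "__main__":
    for line in audit_service_model(SAMPLE.format(mode="Message", mex="mexHttpBinding", http_get="true")):
        print("FINDING", line)
```

With `mode="Message"` the check flags the endpoint even though the SOAP body is encrypted, because nothing in that binding stops a client from connecting over http.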