切换到SSL时在WCF中拒绝访问(ASP.NET Forms身份验证)

时间:2012-01-17 20:02:46

标签: asp.net wcf ssl forms-authentication

我有一个用户使用ASP.NET Forms身份验证登录的Web应用程序。在Web应用程序中有一个Silverlight应用程序。 Silverlight应用程序在同一服务器上调用WCF Web服务。 WCF服务不允许匿名访问,因此每个服务功能都具有:

    [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]

当我在IIS上部署并使用HTTP时,所有这些都有效。

但是我想使用SSL,所以我尝试配置它。我在IIS中使用https绑定创建了一个网站。我可以使用https和ASP.NET Forms身份验证登录该站点。我可以下载Silverlight应用程序,但是当Silverlight尝试调用WCF Web服务(在同一服务器上,在/ Services下)时,我现在得到拒绝访问(我在使用http时没有得到这个)。

Aspx页面位于根目录中,.svc文件位于/ Services下,/ Img下的图像和/ Styles下的.css 我的web.config:

<location path="Img">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="Styles">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="Services">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<system.web>       
  <authentication mode="Forms">
    <forms name=".COOKIEDEMO" 
         loginUrl="~/Login.aspx"              
         protection="All"
         timeout="30"
         path="/"/>
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
  <compilation strict="true" debug="true" explicit="true" targetFramework="4.0" />

<!-- Customizing the membership provider-->
<membership defaultProvider="SaverpMesProvider" userIsOnlineTimeWindow="30">
  <providers>
    <add name="SaverpMesProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" applicationName="SaverpMES" />
  </providers>      
</membership>

<roleManager enabled="true" defaultProvider="SaverpMesRoleProvider">
  <providers>
    <add name="SaverpMesRoleProvider"
    connectionStringName="LocalSqlServer"
    applicationName="SaverpMes"
    type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  </providers>
</roleManager>

<profile inherits="SaverpMes.Web.MesProfile" defaultProvider="SaverpMesProfileProvider">
  <providers>
    <add name="SaverpMesProfileProvider"
    connectionStringName="LocalSqlServer"
    applicationName="SaverpMes"
    type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  </providers>
</profile>

</system.web>

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="CustomBinaryBinding">
                <binaryMessageEncoding/>
                <httpsTransport/>
            </binding>
        </customBinding>
    </bindings>
    <extensions>
        <behaviorExtensions>
            <add name="silverlightFaultExtension" type="SaverpMes.Web.Wcf.SilverlightFaultBehavior, SaverpMes.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
            <add name="wcfFaultExtension" type="SaverpMes.Web.Wcf.WcfFaultBehaviorExtensionElement, SaverpMes.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        </behaviorExtensions>
    </extensions>
    <services>
      <service behaviorConfiguration="ServiceBehavior" name="Product.FrontEnd.WcfService.ProductService">
          <endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
              binding="customBinding" bindingConfiguration="CustomBinaryBinding"
              name="ProductServiceEndpoint" contract="Product.FrontEnd.Contract.IProductService" />
      </service>
      <service behaviorConfiguration="ServiceBehavior" name="Product.FrontEnd.WcfService.PublicProductService">
        <endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
            binding="customBinding" bindingConfiguration="CustomBinaryBinding"
            name="PublicProductServiceEndpoint" contract="Product.SG.IPublicProductService" />
      </service>
      <service behaviorConfiguration="ServiceBehavior" name="Identification.FrontEnd.WcfService.FrontEndService">
          <endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
              binding="customBinding" bindingConfiguration="CustomBinaryBinding"
              name="IdentificationServcieEndpoint" contract="Identification.FrontEnd.Contract.IFrontEndService" />
      </service>
      <service behaviorConfiguration="ServiceBehavior" name="Common.WcfService.CommonService">
          <endpoint address="" behaviorConfiguration="SilverlightFaultsBehavior"
              binding="customBinding" bindingConfiguration="CustomBinaryBinding"
              name="CommonServiceEndpoint" contract="Common.Contract.ICommonService" />
      </service>
    </services>

    <behaviors>
        <endpointBehaviors>
            <behavior name="SilverlightFaultsBehavior">
                <silverlightFaultExtension/>
            </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <serviceMetadata httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <wcfFaultExtension/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
</system.serviceModel>

<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>

基本上,http网站和https网站之间我在web.config中所做的更改是customBinding下的httpsTransport和serviceMetadata下的httpsGetEnabled。

任何喜欢的人都非常感激!

1 个答案:

答案 0 :(得分:3)

我只需添加serviceAuthorization principalPermissionMode =&#34; None&#34;在web.config中。

<serviceBehaviors>
  <behavior name="ServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="None" />
<wcfFaultExtension />
  </behavior>
</serviceBehaviors>