仅基于HTTPS的WCF服务

时间:2012-02-06 16:44:34

标签: wcf .net-4.0 https iis-7.5

我有一个RESTful WCF服务,我想在Windows Server 2008 R2服务器上托管。它目前作为现有网站中的应用程序托管。端口443使用自签名证书。

我希望该服务仅通过HTTPS提供。在应用程序的SSL设置中,我将其设置为“要求SSL”。端点配置如下:

  <system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="Rest">
      <webHttp />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>

    <behavior>
      <serviceAuthorization serviceAuthorizationManagerType="ACME.MyAuthorizationManager, ACME.WS.Authorization" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<standardEndpoints>

  <webHttpEndpoint>

    <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" />
  </webHttpEndpoint>
</standardEndpoints>

但是,我在尝试通过浏览器访问服务时收到了403条回复(例如https://example.com/myservices/baz-service/yip-resource)。

在配置期间我错过了什么吗?

2 个答案:

答案 0 :(得分:2)

在IIS上设置“Require SSL”选项意味着您正在使用客户端证书执行身份验证。如果您没有任何客户端证书身份验证,只需将该选项设置为忽略或禁用该选项。

要避免您的服务仅在HTTPS上投放,请从您网站上的“绑定”选项中删除HTTP绑定。否则只是暴露您的绑定以使用传输作为安全机制,并且应该处理仅在HTTPS上提供的WCF服务。

更新:

请查看我如何通过Https在IIS上托管RESTful服务:

[ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
    public class RestService
    {
        // TODO: Implement the collection resource that will contain the SampleItem instances

        private static List<SampleItem> sampleCollection = new List<SampleItem>();

        [WebGet(UriTemplate = "/get-Collection")]
        public List<SampleItem> GetCollection()
        {
            // TODO: Replace the current implementation to return a collection of SampleItem instances
            if (sampleCollection.Count == 0)
            {
                sampleCollection = new List<SampleItem>();
                sampleCollection.Add(new SampleItem() { Id = 1, StringValue = "Hello 1" });
                sampleCollection.Add(new SampleItem() { Id = 2, StringValue = "Hello 2" });
                sampleCollection.Add(new SampleItem() { Id = 3, StringValue = "Hello 3" });
                sampleCollection.Add(new SampleItem() { Id = 4, StringValue = "Hello 4" });
                sampleCollection.Add(new SampleItem() { Id = 5, StringValue = "Hello 5" });
            }
            return sampleCollection;
        }
}

我的Global.asax:

public class Global : HttpApplication
    {
        void Application_Start(object sender, EventArgs e)
        {
            RegisterRoutes();
        }

        private void RegisterRoutes()
        {
            // Edit the base address of Service1 by replacing the "Service1" string below
            RouteTable.Routes.Add(new ServiceRoute("", new WebServiceHostFactory(), typeof(RestService)));
        }
    }

我的web.config文件:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>


  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </modules>
  </system.webServer>

  <system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
      <endToEndTracing propagateActivity="true" activityTracing="true" messageFlowTracing="true" />
    </diagnostics>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <standardEndpoints>
      <webHttpEndpoint>
        <!-- 
            Configure the WCF REST service base address via the global.asax.cs file and the default endpoint 
            via the attributes on the <standardEndpoint> element below
        -->
        <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" maxBufferSize="500000" maxReceivedMessageSize="500000">          
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />          
        </standardEndpoint>
      </webHttpEndpoint>
    </standardEndpoints>
    <behaviors>
        <serviceBehaviors>
            <behavior name="">
                <serviceCredentials>
                    <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="localhost" />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

现在我的IIS指定了Https绑定:

Site Bindings in IIS

现在我的虚拟目录已经配置了名称XmlRestService,因此当我浏览资源时,我得到以下输出:

Output from a REST Service on HTTPS

答案 1 :(得分:0)

实现WCF有很多不同的方法。像许多这样的答案对我不起作用。我提出了以下快速解决方案。我认为这可能是最普遍和最简单的解决方案。这可能不被认为是雄辩的,但对于我们大多数人来说,无论如何我们的工作都不受欢迎。您可以尝试重定向,至少对于GET请求,而不是抛出错误。

#if !DEBUG
    // check secure connection, raise error if not secure 
    IncomingWebRequestContext request = WebOperationContext.Current.IncomingRequest;
    if (!request.UriTemplateMatch.BaseUri.AbsoluteUri.StartsWith("https://"))
    {
        throw new WebProtocolException(HttpStatusCode.BadRequest, "Https is required to use this service.", null);
    }
#endif
相关问题
最新问题