WCF安全绑定问题

时间:2012-02-16 15:30:17

标签: wcf security binding configuration azure

您好我在Windows Azure项目中托管了 WCF服务作为WebRole

我的服务受SSL证书保护,这是有效的。
现在我想在我的操作合同上添加一些额外的安全性,如果我这样做(设置一个保护级别),我会得到下一个错误。

我需要配置一些绑定或其他东西才能使这个工作但是我不知道什么,我不知道在哪里。

项目信息:

错误: 

    The request message must be protected. This is required by an operation of the contract ('IService1','http://tempuri.org/').
    The protection must be provided by the binding ('BasicHttpBinding','http://tempuri.org/').

建筑

enter image description here
ServiceConfiguration.Cloud.cscfg& ServiceConfiguration.Local.cscfg 

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">
  <Role name="WCFServiceWebRole">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="Certificate1" thumbprint="51F357715F" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>

ServiceDefinition.csdef中 

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WCFServiceWebRole" vmsize="ExtraSmall" enableNativeCodeExecution="true">
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="Endpoint1" endpointName="Endpoint1" />
          <Binding name="Endpoint2" endpointName="Endpoint2" />
        </Bindings>
      </Site>
    </Sites>
    <Endpoints>
      <InputEndpoint name="Endpoint1" protocol="http" port="80" />
      <InputEndpoint name="Endpoint2" protocol="https" port="8080" certificate="Certificate1" />
    </Endpoints>
    <Imports>
      <Import moduleName="Diagnostics" />
    </Imports>
    <LocalResources>
      <LocalStorage name="WCFServiceWebRole.svclog" sizeInMB="1000" cleanOnRoleRecycle="false" />
    </LocalResources>
    <Certificates>
      <Certificate name="Certificate1" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
  </WebRole>
</ServiceDefinition>

合同 

[DataContract]
public class KlantenContract
{
    [DataMember]
    public int PARTYID { get; set; }

    [DataMember]
    public string firstName { get; set; }

    [DataMember]
    public string lastName { get; set; }

IService1.cs 

namespace WCFServiceWebRole
{
    [ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public interface IService1
    {
        [OperationContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
        List<KlantenContract> GetAllKlanten(string firstName);
    }
}

的Web.config 

  <system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="IService1">
          <security mode="Transport"></security>
        </binding>
        <binding name="Certificate1">
          <security>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="Service1" behaviorConfiguration="ServiceBehavior">
        <endpoint address="https://127.0.0.1:8080/Service1.svc" binding="wsHttpBinding"
          name="Endpoint2" contract="IService1">
        </endpoint>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>

          <behavior name="ServiceBehavior">
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="false" />
            <serviceCredentials>
              <serviceCertificate findValue="CN=tempCert" />
            </serviceCredentials>
          </behavior>

          <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

1 个答案:

答案 0 :(得分:3)

如果您将服务设置为EncryptAndSign,则必须使用安全传输,例如HTTPS。如果您通过HTTP或HTTPS查看服务,我在您的上一个屏幕截图中不知道,但您必须使用HTTPS。

如果您希望IIS注意安全绑定,您可以将安全模式设置为TransportWithCredentialOnly,并将您的Web角色配置为使用您的证书绑定到443,我认为您已经完成了,然后它应该没问题。

或者,您可以使用传输安全性,并且在ServerCredential部分中,您需要指定希望WCF用于创建安全传输的证书。

我从未尝试过消息安全模式,但我认为它应该可行,但您可能需要在消息安全配置元素下指定证书。

相关问题
最新问题