【问题标题】:Self hosted WCF service doesn''t reply over HTTPS but HTTP works自托管 WCF 服务不通过 HTTPS 回复,但 HTTP 有效
【发布时间】:2013-11-02 22:10:05
【问题描述】:

我有一个自托管的 WCF 服务,当通过 HTTP 使用 wsHttpBinding 或 basicHttpBinding 调用时,它可以正常工作。客户端将包括 Internet 上的 Windows Phone 设备,因为它们不能使用 wsHttpBinding,我们肯定需要比我尝试使用 TransportWithMessageCredential 的 basicHttpBinding 提供更多的安全性。使用 HTTP 时一切正常,但如果我将客户端切换到 HTTPS,我会在 VS 中得到这些:“在 https://... 没有端点监听”“远程服务器返回错误:未找到。”

我启用了服务跟踪,它说它打开了 HTTPS 端口没有任何问题,当我检查 netstat -an 时,它确认端口确实是打开的。对服务的 HTTP 和 wsHttpBinding 调用效果很好,它们会在日志中生成事件,但这些 HTTPS 调用根本不会出现在那里。虽然启用了 HTTPS,但我也无法通过 HTTPS 获取元数据。

客户端和服务器在同一台机器上,证书是自签名的,但它可以与 wsHttpBinding 一起使用。

这里是服务配置:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="xyzSecuredBehavior" name="x.x.xService">
        <endpoint address="/basic" binding="basicHttpBinding" bindingConfiguration="xyzBasicBinding"
                      contract="x.x.IxService" />
        <endpoint address="/secure" binding="basicHttpBinding" bindingConfiguration="xyzBasicBindingSecure"
                      contract="x.x.IxService" />
        <host>
          <baseAddresses>
            <add baseAddress="https://10.10.0.188:3003/xService" />
            <add baseAddress="http://10.10.0.188:3001/xService" />
          </baseAddresses>
        </host>
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <binding name="customAuthenticationBinding" maxReceivedMessageSize="1000000" closeTimeout="23:59:59" openTimeout="23:59:59" receiveTimeout="23:59:59" sendTimeout="23:59:59">
          <readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
      <basicHttpBinding>
        <binding name="xyzBasicBinding" maxBufferSize="1000000" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
          <readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
          <security mode="None">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
        <binding name="xyzBasicBindingSecure" maxBufferSize="1000000" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
          <readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>

        <behavior name="xyzSecuredBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="xyzTestCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="z.z.AuthenticationManager, z.zz" />
            <windowsAuthentication allowAnonymousLogons="false"/>
          </serviceCredentials>
          <serviceAuthorization serviceAuthorizationManagerType="z.z.AuthorizationManager, z.zz" />
          <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <dataContractSerializer maxItemsInObjectGraph="1000000000" />
        </behavior>

        <behavior name="xyzBasicBehavior" >
          <serviceAuthorization serviceAuthorizationManagerType="z.z.AuthorizationManager, z.zz" />
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
          <dataContractSerializer maxItemsInObjectGraph="1000000000" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
</configuration>

这是客户端配置:

<configuration>
<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpBinding_IxService" maxBufferSize="2147483647"
                maxReceivedMessageSize="2147483647">
                <security mode="None" />
            </binding>
            <binding name="BasicHttpBinding_IxService1" maxBufferSize="2147483647"
                maxReceivedMessageSize="2147483647">
                <security mode="TransportWithMessageCredential" />
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://10.10.0.188:3001/xService/basic"
            binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IxService"
            contract="ServiceReference1.IxService" name="BasicHttpBinding_IxService" />
        <endpoint address="https://10.10.0.188:3003/xService/secure"
            binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IxService1"
            contract="ServiceReference1.IxService" name="BasicHttpBinding_IxService1_secure" />
    </client>
</system.serviceModel>

感谢任何帮助,因为我已经在这方面浪费了一两天的时间,谷歌搜索和摆弄设置也没有任何结果。

【问题讨论】:

  • 也许您可以尝试缩小范围,为 https 保持Transport 不安全或仅使用Transport 不带消息或仅使用消息凭据
  • 我尝试了链接问题中建议的设置(它们与 Rameez 发布的相同),但仍然出现相同的错误。

标签: c# wcf https


【解决方案1】:

这个已经回答过了,我这里不回答,而是给你链接

http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi

【讨论】:

  • 这篇文章是关于 wsHttpBinding 和 IIS 的,所以很遗憾它并不完全适用。
【解决方案2】:

我找到了解决这个问题的方法。因为该服务是自托管的,所以我需要手动将证书应用到应用程序。在服务器配置中指定它是不够的。

详细说明可以在这里找到: http://allen-conway-dotnet.blogspot.fi/2012/02/applying-and-using-ssl-certificate-with.html

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2013-01-14
    • 2019-11-21
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多