如何在 IIS 中将 WCF 与 basichttpbinding only 、SSL 和 Basic Authentication 一起使用? [英] How can I use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS?
问题描述
是否可以仅使用 BasicHttpBinding-binding
在 IIS 中设置带有 SSL 和基本身份验证的 WCF 服务?
(我不能使用wsHttpBinding-binding
)
该站点托管在 IIS 7 上,并设置了以下身份验证:
- 匿名访问:关闭
- 基本身份验证:开启
- 集成 Windows 身份验证:关闭
服务配置:
<服务名称=NameSpace.SomeService"><主机><基地址><add baseAddress="https://hostname/SomeService/";/></baseAddresses></host><!-- 服务端点--><端点地址="绑定=基本HttpBinding";bindingNamespace="http://hostname/SomeMethodName/1";contract="NameSpace.ISomeInterfaceService";名称=默认"/><端点地址=mex"绑定=mexHttpsBinding"合同=IMetadataExchange"/></服务></服务><行为><服务行为><行为><!-- 为避免泄露元数据信息,在部署之前将下面的值设置为 false 并删除上面的元数据端点 --><serviceMetadata httpsGetEnabled="true"/><!-- 要接收故障中的异常详细信息以进行调试,请将以下值设置为 true.在部署前设置为 false 以避免泄露异常信息 --><serviceDebug includeExceptionDetailInFaults="false"/><exceptionShielding/></行为></serviceBehaviors></行为>
我尝试了两种类型的绑定,但有两个不同的错误:
- 1.IIS 错误:<块引用>
'无法找到与具有绑定 BasicHttpBinding 的端点的方案 http 匹配的基地址.注册的基地址方案是 [https].
<基本HttpBinding><绑定><安全模式=TransportCredentialOnly"><transport clientCredentialType="Basic"/></安全></binding></basicHttpBinding></绑定> - 2.IIS 错误:<块引用>
此服务的安全设置需要匿名"身份验证,但未为托管此服务的 IIS 应用程序启用.
<绑定><基本HttpBinding><绑定><安全模式=传输"><transport clientCredentialType="Basic"/></安全></binding></basicHttpBinding></绑定>
有人知道如何正确配置吗?(如果有可能吗?)
经过一番挖掘,向几位同事提出了一些问题,我们终于解决了问题.
重要的是要了解在这种情况下有两个方面的安全性.IIS 安全和 WCF 安全.
IIS 安全性: 启用 SSL &启用基本身份验证.禁用匿名身份验证.(当然,创建一个 Windows 帐户/组并在 IIS 中设置您的应用程序的权限.)
WCF 安全性:因为绑定只是一个 BasicHttpBinding,所以服务不需要验证任何东西.IIS 对此负责.
服务的绑定配置:
<基本HttpBinding><绑定><安全模式=传输"><transport clientCredentialType="Basic";/></安全></binding></basicHttpBinding>
最后,为了解决第一个错误,我们删除了 mex 端点.此端点需要 HTTP 绑定.
已删除:
Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding
?
(I can’t use the wsHttpBinding-binding
)
The site is hosted on IIS 7, with the following authentication set up:
- Anonymous access: OFF
- Basic authentication: ON
- Integrated Windows authentication: OFF
Service Config:
<services>
<service name="NameSpace.SomeService">
<host>
<baseAddresses>
<add baseAddress="https://hostname/SomeService/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding"
bindingNamespace="http://hostname/SomeMethodName/1"
contract="NameSpace.ISomeInterfaceService"
name="Default"
/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<exceptionShielding/>
</behavior>
</serviceBehaviors>
</behaviors>
I tried 2 types of bindings with two different errors:
- 1. IIS Error:
'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
<bindings> <basicHttpBinding> <binding> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings>
- 2. IIS Error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
<bindings> <basicHttpBinding> <binding> <security mode="Transport"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings>
Does anyone know how to configure this correctly? (if is it possible?)
After some digging and asking some questions to a few colleagues, we finally solved the problem.
Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.
IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)
WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.
The binding configuration of the service:
<bindings>
<basicHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.
Deleted:
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
这篇关于如何在 IIS 中将 WCF 与 basichttpbinding only 、SSL 和 Basic Authentication 一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!