如何在 IIS 中将 WCF 与 basichttpbinding only 、SSL 和 Basic Authentication 一起使用? [英] How can I use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS?

问题描述

是否可以仅使用 BasicHttpBinding-binding 在 IIS 中设置带有 SSL 和基本身份验证的 WCF 服务?
(我不能使用wsHttpBinding-binding)

该站点托管在 IIS 7 上，并设置了以下身份验证:

• 匿名访问:关闭
• 基本身份验证:开启
• 集成 Windows 身份验证:关闭

---

服务配置:

<服务名称=NameSpace.SomeService"><主机><基地址><add baseAddress="https://hostname/SomeService/";/></baseAddresses></host><!-- 服务端点--><端点地址="绑定=基本HttpBinding"；bindingNamespace="http://hostname/SomeMethodName/1";contract="NameSpace.ISomeInterfaceService";名称=默认"/><端点地址=mex"绑定=mexHttpsBinding"合同=IMetadataExchange"/></服务></服务><行为><服务行为><行为><!-- 为避免泄露元数据信息，在部署之前将下面的值设置为 false 并删除上面的元数据端点 --><serviceMetadata httpsGetEnabled="true"/><!-- 要接收故障中的异常详细信息以进行调试，请将以下值设置为 true.在部署前设置为 false 以避免泄露异常信息 --><serviceDebug includeExceptionDetailInFaults="false"/><exceptionShielding/></行为></serviceBehaviors></行为>

我尝试了两种类型的绑定，但有两个不同的错误:

• 1.IIS 错误:<块引用>

  '无法找到与具有绑定 BasicHttpBinding 的端点的方案 http 匹配的基地址.注册的基地址方案是 [https].

  <基本HttpBinding><绑定><安全模式=TransportCredentialOnly"><transport clientCredentialType="Basic"/></安全></binding></basicHttpBinding></绑定>

• 2.IIS 错误:<块引用>

  此服务的安全设置需要匿名"身份验证，但未为托管此服务的 IIS 应用程序启用.

   <绑定><基本HttpBinding><绑定><安全模式=传输"><transport clientCredentialType="Basic"/></安全></binding></basicHttpBinding></绑定>

有人知道如何正确配置吗?(如果有可能吗?)

解决方案

经过一番挖掘，向几位同事提出了一些问题，我们终于解决了问题.

重要的是要了解在这种情况下有两个方面的安全性.IIS 安全和 WCF 安全.

IIS 安全性: 启用 SSL &启用基本身份验证.禁用匿名身份验证.(当然，创建一个 Windows 帐户/组并在 IIS 中设置您的应用程序的权限.)

WCF 安全性:因为绑定只是一个 BasicHttpBinding，所以服务不需要验证任何东西.IIS 对此负责.

服务的绑定配置:

<基本HttpBinding><绑定><安全模式=传输"><transport clientCredentialType="Basic";/></安全></binding></basicHttpBinding>

最后，为了解决第一个错误，我们删除了 mex 端点.此端点需要 HTTP 绑定.

已删除:

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)

The site is hosted on IIS 7, with the following authentication set up:

• Anonymous access: OFF
• Basic authentication: ON
• Integrated Windows authentication: OFF

---

Service Config:

<services>
  <service name="NameSpace.SomeService">
    <host>
      <baseAddresses>
        <add baseAddress="https://hostname/SomeService/" />
      </baseAddresses>

    </host>
    <!-- Service Endpoints -->
    <endpoint address="" binding="basicHttpBinding"
              bindingNamespace="http://hostname/SomeMethodName/1"
              contract="NameSpace.ISomeInterfaceService"
              name="Default"
                      />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <exceptionShielding/>
    </behavior>
  </serviceBehaviors>
</behaviors>

I tried 2 types of bindings with two different errors:

• 1. IIS Error:

  'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].

  <bindings>
     <basicHttpBinding>
       <binding>
         <security mode="TransportCredentialOnly">
           <transport clientCredentialType="Basic"/>
         </security>
       </binding>
     </basicHttpBinding>
   </bindings>
  

• 2. IIS Error:

  Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

   <bindings>
     <basicHttpBinding>
       <binding>
         <security mode="Transport">
           <transport clientCredentialType="Basic"/>
         </security>
       </binding>
     </basicHttpBinding>
    </bindings>
  

Does anyone know how to configure this correctly? (if is it possible?)

解决方案

After some digging and asking some questions to a few colleagues, we finally solved the problem.

Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.

IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)

WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.

The binding configuration of the service:

<bindings>
  <basicHttpBinding>
     <binding>
        <security mode="Transport">
           <transport clientCredentialType="Basic" />
        </security>
     </binding>
  </basicHttpBinding>

And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.

Deleted:

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>

这篇关于如何在 IIS 中将 WCF 与 basichttpbinding only 、SSL 和 Basic Authentication 一起使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！