如何使用 SSL 保护启用 Silverlight 的 WCF Web 服务? [英] How to secure a Silverlight-Enabled WCF Web Service with SSL?

问题描述

如何使用 SSL 保护启用 Silverlight 的 WCF Web 服务?我尝试将其设置为类似于由 SSL 保护的常规 WCF 服务，但它似乎不起作用.你在 Web.Config 中设置了什么，你在 Silverlight 的 ServiceReferences.ClientConfig 中设置了什么?

How do you secure a Silverlight-Enabled WCF Web Service with SSL? I have tried setting it up similar to a regular WCF service secured by SSL, but it doesn't seem to work. What do you set in the Web.Config, and what do you set in the Silverlight's ServiceReferences.ClientConfig?

我注意到在 Silverlight 客户端应用程序的 ServiceReferences.ClientConfig 文件中，绑定"标记只允许 basicHttpBinding 而不允许 wsHttpBinding.这是否意味着您无法保护启用 Silverlight 的 WCF 服务?如果是这样，是否有更好的方法来保护它?

I noticed that in the ServiceReferences.ClientConfig file of the Silverlight client app that the "Binding" tag only allows basicHttpBinding and NOT wsHttpBinding. Does this mean that you can not secure a Silverlight-Enabled WCF Service? If so are there better approaches to securing it?

推荐答案

我将三个关键位置配置为在我自己的应用程序中使用 https.

There are three key places that I configure to use https in my own apps.

Web.config

在行为标签中包含这一行:

In the behavior tag include this line:

<serviceMetadata httpsGetEnabled="true"/>

对于 MEX 端点，请确保使用 https 协议:

For the MEX endpoint, make sure you use the https protocol:

<endpoint address="mex" binding="mexHttpsBinding"
          contract="IMetadataExchange" />

创建自定义绑定.重要的部分是传输安全:

Create a custom binding. The important part is the transport security:

  <basicHttpBinding>
    <binding name="myServicesBinding">
      <security mode="Transport"/>
    </binding>
  </basicHttpBinding>

您还可以包含通常的授权内容:

You can also include the usual authorization stuff:

<authorization>
  <allow users="?"/>
  <deny users="*"/>
</authorization>

银光

在 Silverlight 端，将 ServiceReference 指向现在安全的服务，或者在代码中手动设置连接.ServiceReferences.ClientConfig 文件中应该包含安全内容:

On the Silverlight end, either point the ServiceReference at the now secure service, or set up the connections manually in code. the ServiceReferences.ClientConfig file should have the security stuff in it:

<security mode="Transport"/>

代码版本如下:

BasicHttpBinding b = new BasicHttpBinding(BasicHttpSecurityMode.Transport);

可能还有更复杂的事情可以做，但这对大多数人来说应该已经足够了.

There are probably more complex things that can be done, but this should be good enough for most people.

这篇关于如何使用 SSL 保护启用 Silverlight 的 WCF Web 服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！