WCF相互证书身份验证可在不同域上加载平衡的Web服务器 [英] WCF Mutual Certificate authentication to load balanced web servers on different domain
问题描述
你好
我正在寻找可以使我朝正确方向发展的人.我一直在花一些时间来配置解决方案的绑定,该解决方案将是客户端和服务器之间的X509证书相互认证.我相信的障碍 使我头疼的是WCF驻留在不同域中的托管环境中.此外,还有一个负载平衡器位于两个Web服务器的前面. 障碍是只有负载平衡器才需要流量 是SSL.一旦满足该要求,负载均衡器就会使用标准HTTP流量重定向到Web服务器.
I was looking for someone to put me in the right direction. I have been spending some time on configuring bindings for a solution that would be a X509 certificate mutual authentication between the client and the server. The hurdle that I believe is causing me headaches is that the WCF resides in a hosting environment that is on a different domain. In addition there is a load balancer that sits in front of two web servers. The hurdle is that only the load balancer requires the traffic to be SSL. Once it meets that requirement, the load balancer redirects to the web server with standard HTTP traffic.
不久之前,我不得不放置一个WCF服务来支持基于SSL的用户名身份验证,而且我不得不提出一个自定义绑定元素扩展,以允许凭据通过标准HTTP流量通过.我知道并了解后果 这个的. 不同的故事,但我想知道是否需要在此处开发一些自定义内容
Not too long ago, I had to put a WCF service that support username authentication over SSL and I had to come up with a custom binding element extension to allow the credentials to come through with standard HTTP traffic. I know and understand the ramification of this. Different story but I am wondering if something custom would need to be developed here
我用于DEV/Testing的x509证书是自签名的.在客户端上,出于开发和测试目的,我为ServicePointManager.ServerCertificateValidationCallback返回true
The x509 certificate I am using for DEV/Testing is a self-signed. On the client, for dev and testing purpose, I am returning true for ServicePointManager.ServerCertificateValidationCallback
我尝试了不同的绑定配置,这就是为什么我不发布它,而只是寻找某人来使我朝着正确的方向下降.
I have tried different binding configuration which is the reason I am not posting it and just looking for someone to put me in the right direction for me to go down.
基本上,我不断得到客户端的错误是关于验证消息的安全性.
Basically the errors I keep getting client side are about verifying security for the message.
服务器端,典型的消息将是"WCF安全处理器无法在消息中找到安全标头. 服务器已关闭以进行维护.
Server side the typical message would be "WCF Security Processor was unable to find a security header in the message. The servers are down for maintenance.
我正在寻找的可能是以下之一:
What I am looking for is could it be one of the following:
1)基于体系结构,所有标准绑定配置都可以做到这一点吗?
1) Based on the architecture, can all standard binding configuration accomplish this?
2)是否需要做一个自定义部分来支持这种负载均衡器重定向到HTTP的体系结构?
2) Is there a custom piece that I need to do to support this architecture of load balancer redirecting to HTTP?
3)由于体系结构的原因,无法实现这一目标.
3) Because of the architecture, there is no way to make this happen.
如果您有任何疑问,请告诉我.谢谢!
Please let me know if you have any questions. Thanks!
推荐答案
等等,
您是要实现客户端与负载平衡之间的SSL请求,还是实现负载平衡与后端服务之间的负载平衡之间的相互证书认证? SSL请求和http重定向 负载平衡和后端服务之间?换句话说,您的证书是用于身份验证还是加密的SSL?
Do you mean you want to achieve that SSL request between client and load balance, and mutual certificate authentication between load balanced between load balance and back-end service, or you want to achieve SSL request, and http redirect between load balanced and back-end service? In other words, is your certificate used to authentication or encrypted SSL?
有关使用wcf实现负载均衡器时要考虑的事项,建议您参考以下链接:
#使用WCF实施负载均衡器时应考虑的事项
https://msdn.microsoft.com/zh-CN/library/hh273122(v=vs.100).aspx
对于外部(https)->的此流程LB->在(http)内部,建议您参考以下链接:
#WCF:负载均衡器中的SSL卸载–一种简单的方法
爱德华
这篇关于WCF相互证书身份验证可在不同域上加载平衡的Web服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
