WCF 元数据位于单独的端口而非 SSL 上

发布于 2024-08-06 05:22:30 字数 989 浏览 4 评论 0原文

对复杂的 WCF 配置相当陌生，并且已经环顾四周，但无法清楚地回答这个问题。我正在寻找是的，这是可能的，理想情况下是一个样本，或者否，这是不可能的。

问题： 您能否将元数据 (WSDL) 从安全传输 (SSL) 服务中分离出来并使其成为普通的旧式 HTTP？

我们有一个 WCF 服务，该服务使用传输安全性 (SSL)。在此阶段，在开发过程中，我们使用自己的 SSL 证书，因此我们是 CA。

因此，WSDL 使用

<serviceMetadata httpsGetEnabled="true" />

“服务行为”来公开。

当您浏览到 WSDL https://devserver:8010/MyService/?wsdl 时，您会得到通常，不知道 CA 警告，只需单击“忽略”继续。

我遇到的问题之一是，即使我已将 CA 证书放入 cacerts 的 JDK/JRE 密钥库中，像 JAX-WS 这样的代理生成工具也会出现 HTTP.403 Forbidden 警告。

所以我在想，如果我可以分离出元数据，那么您可以将其公开在单独端口上的 HTTP 上，然后生成代理就不会出现证书问题。

因此，我尝试按如下方式标记服务元数据：

<serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8011/MyService/" />

但这不起作用，因为它现在混合了行为。

也许我错过了什么？也许这是不可能的？

是的，在某种程度上它是没有实际意义的，因为生产机器将有一个受信任的 CA，因此您不会收到证书信任警告。然而，现在的问题是这可能吗？

感谢所有帮助，谢谢哈德利

原文

Pretty new to complex WCF configs and have looked around, but couldn't clearly answer this.
I'm looking for a yes this is possible and ideally a sample or no, this is not possible.

Question:
Can you separate out the Metadata (WSDL) from a secure transport (SSL) service and make it plain old HTTP?

We have a WCF service that is using Transport security (SSL) for the service.
At this stage, during development we're using our own Certificates for the SSL, so we're a CA.

So the WSDL is exposed using

<serviceMetadata httpsGetEnabled="true" />

Under the service behaviours.

When you browse to the WSDL https://devserver:8010/MyService/?wsdl you get the usual, don't know the CA warning and just click IGNORE to continue on.

One of the problems I've got is that a proxy generation tool like JAX-WS just bails with a HTTP.403 Forbidden warning, even though I've put the CA certificate into the JDK/JRE keystore for cacerts.

So I was thinking, if I could separate out the Metadata then you could expose that on HTTP on a separate port and then there's no certificate issues for generating proxies.

So I tried marking the service metadata as follows:

<serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8011/MyService/" />

But this doesn't work as it's now mixing up the behaviour.

Perhaps I've missed something?
Perhaps this isn't possible?

And yes, to some extent it is moot, as a production machine WOULD have a trusted CA and therefore you won't get the certificate trust warnings.
However, it's now become a question of is this possible?

All help appreciated, thanks
Hadley

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

剧终人散尽 2024-08-13 05:22:30

您还需要指定您的 MEX 端点

http://bloggingabout.net/blogs/dennis/archive/2006/11/09/WCF-Part-4-3A00-Make-your -service-visible-through-metadata.aspx

请注意，它将需要不同的绑定配置，其中 security = None 而不是传输。

回复收藏 0 原文

春风十里 2024-08-13 05:22:30

做了一些更多的尝试和错误，最终的结果是这样的。为简洁起见，此内容被缩短。

<behaviors>
  <serviceBehaviors>
    <behavior name="serviceBehaviour">
      <serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8022/MyService/" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="basicHttp" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
      <security mode="Transport">
      </security>
    </binding>
  </basicHttpBinding>
  <webHttpBinding>
    <binding name="webHttp">
      <security mode="None">
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="serviceBehaviour" name="MyService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp" 
    name="httpsEndpoint" contract="IMyService" />
    <host>
      <baseAddresses>
        <add baseAddress="https://devserver:8020/MyService/" />
      </baseAddresses>
    </host>
  </service>

Did some more trial and error and the end result which works is like this. This is shortened for brevity.

<behaviors>
  <serviceBehaviors>
    <behavior name="serviceBehaviour">
      <serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8022/MyService/" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="basicHttp" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
      <security mode="Transport">
      </security>
    </binding>
  </basicHttpBinding>
  <webHttpBinding>
    <binding name="webHttp">
      <security mode="None">
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="serviceBehaviour" name="MyService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp" 
    name="httpsEndpoint" contract="IMyService" />
    <host>
      <baseAddresses>
        <add baseAddress="https://devserver:8020/MyService/" />
      </baseAddresses>
    </host>
  </service>

回复收藏 0 原文

~没有更多了~