WCF service (wsHttpBinding) behind an F5 load balancer
Current setup:
- I have got a WCF service with wsHttpBinding, see the service config below
- I have implemented a ServiceHostFactory to solve the problem of incorrect schema location and soap addresses, modifying them from machine name to the correct server hostname
- with my test client (WCFStorm) I can generate a proxy, see all the methods and invoke them successfully.
- my dev environment (client -> HTTPS -> service) works perfectly.
Problems:
- prod environment (client -> HTTPS -> F5 -> HTTP -> service)
- my service is behind an F5 load balancer which offloads SSL
- with my test client (WCFStorm) I can generate a proxy and see all the methods, but when I invoke any of the methods I get a remote server not found 404 error
My service config:
<services>
  <service behaviorConfiguration="Service1Behavior"
           name="MyService">
    <endpoint name="secure" address="" binding="wsHttpBinding" bindingConfiguration="custBinding" contract="IService"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service>
</services>
<bindings>
  <wsHttpBinding>
    <binding name="custBinding">
      <security mode="Transport">
        <transport clientCredentialType="None" />
        <message clientCredentialType="None" negotiateServiceCredential="false"
                 establishSecurityContext="false" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="Service1Behavior">
      <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" httpGetUrl="http://myserver/MyService.svc"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <dataContractSerializer maxItemsInObjectGraph="6553600" />
    </behavior>
  </serviceBehaviors>
</behaviors>

Please note that all my schema locations and soap addresses on the wsdl are correct in prod, but I simply cannot invoke any methods.
Please help.
Comments (4)
We have a similar situation and here's how we got it working.
In the service - we changed the binding to use basicHttpBinding and added a key that must be passed with every request.
In the client - we changed the http in the config to https and in the basicHttpBindings config changed the security mode to Transport with clientCredentialType="None".
Hope this helps.
UPDATE: I found this article soon after and I updated the configuration and it worked. So now we are using wsHttpBinding instead of basicHttpBinding.
https://web.archive.org/web/20151215000000*/http://blogs.msdn.com/b/morgan/archive/2010/04/15/setting-up-wcf-with-a-load-balancer-using-ssl-in-the-middle.aspx
The problem with your service config is that the security mode is Transport, where in reality it should be None. Because any calls to your service will be HTTP behind F5 load balancer, you cannot use Transport security mode there (client -> HTTPS -> F5 -> HTTP -> service). However, when calling the service from your client, the client config will need to be Transport security mode and the endpoint address will need to have an HTTPS address.
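The change described in the answer above, written out as configuration. This is an added example, not the answerer's or the asker's own files: the binding, endpoint and contract names are reused from the question, and the client address `https://myserver.example/MyService.svc` is a placeholder.

```xml
<!-- Service web.config (behind the F5; receives plain HTTP). Added example. -->
<system.serviceModel>
  <services>
    <service behaviorConfiguration="Service1Behavior" name="MyService">
      <endpoint name="secure" address="" binding="wsHttpBinding"
                bindingConfiguration="custBinding" contract="IService" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="custBinding">
        <!-- Was mode="Transport" in the question. With None, WCF applies no
             transport or message protection on the F5-to-service hop, so
             that hop carries cleartext HTTP. -->
        <security mode="None" />
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>

<!-- Client app.config (talks HTTPS to the F5, which terminates SSL). -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="custBinding">
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <!-- Placeholder address (assumption): the public HTTPS name served by the F5. -->
    <endpoint name="secure" address="https://myserver.example/MyService.svc"
              binding="wsHttpBinding" bindingConfiguration="custBinding"
              contract="IService" />
  </client>
</system.serviceModel>
```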
This might be a little late for you, but here is how we do it. Once I have generated the proxy, I just change the http: in the config to https. Now, if I have to sometimes call it with ssl, and other times without, I will copy the config section, and give the copy a different name, and then when you construct the client, you can pass in the config name, and it will pick up the correct one.
We couldn't get this working through Layer 7 load balancing - there were various error messages returned from the service. Instead it's set up on Layer 4 load balancing with no issues.