如何限制 WCF 服务对某些地址的可发现性?
我有一个连接到 WCF 服务并使用 WCF 4.0 发现的桌面应用程序。我使服务可发现的代码如下所示:
public static void MakeServiceHostDiscoverable(ServiceHost sh)
{
IServiceBehavior Beh = new ServiceDiscoveryBehavior();
sh.Description.Behaviors.Add(Beh);
ServiceEndpoint Endp = new UdpDiscoveryEndpoint();
sh.AddServiceEndpoint(Endp);
}
最近该应用程序由同一家公司的 2 个不同部门使用。每个部门都有自己的服务器,该部门的客户端只能发现该部门的服务器。现在客户可以看到公司网络内的所有服务器。
有没有办法让服务限制可以发现的 IP 地址?或者,更好的是,它可以在发现请求发生时动态批准/拒绝发现请求吗?
I have a desktop app that connects to a WCF service and uses WCF 4.0 discovery. My code to make the service discoverable looks like this:
public static void MakeServiceHostDiscoverable(ServiceHost sh)
{
IServiceBehavior Beh = new ServiceDiscoveryBehavior();
sh.Description.Behaviors.Add(Beh);
ServiceEndpoint Endp = new UdpDiscoveryEndpoint();
sh.AddServiceEndpoint(Endp);
}
Recently the app is being used by 2 different departments in the same company. Each department has its own server(s) and clients in that department should only discover the server(s) of this department. Right now clients can see all servers within the company network.
Is there a way for the service to limit from which IP addresses it can be discovered? Or, even better, can it dynamically approve/reject discovery requests as they happen?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
WS-Discovery 的初始发现方面按照广播原理工作——它不接收和回复请求。在某种程度上,元数据的目的是帮助客户区分其有资格获得哪些服务。除此之外,您应该应用适当的安全性来在服务级别对传入请求进行身份验证和授权。最后,如果这些部门位于不同的子网上,您可以过滤子网之间的 UDP 广播,前提是您拥有适当的网络基础设施。
The initial discovery aspect of WS-Discovery works on a broadcast principle -- it's not receiving and replying to requests. In part, the purpose of metadata is to help clients distinguish which services it is eligible for. Beyond that, you should apply appropriate security to authenticate and authorize incoming requests at the service level. Finally, if the departments are on separate subnets, you can filter the UDP broadcasts between subnets, presuming you have appropriate network infrastructure in place.