WCF 自托管服务 SSL/传输安全/基本身份验证不要求凭据

发布于 2024-11-07 15:25:57 字数 2344 浏览 0 评论 0原文

我创建了一个具有 HTTPS/SSL、传输安全性和基本身份验证的自托管 WCF 服务。由于某种原因，当我在浏览器中运行该服务时，它从不要求提供凭据。怎么了？

服务配置：

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WsHttpTest.GreetingServiceBehavior">
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WsHttpTest.GreetingServiceBehavior" name="WsHttpTest.GreetingService">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:8555/WsHttpTest/Greeting" />
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WsHttpTest.IGreetingService" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
</configuration>

HTTP 配置：

C:\>httpcfg query ssl
    IP                      : 0.0.0.0:8555
    Hash                    : 14ae237add3c49 a5091367487563cf6f6a8f586
    Guid                    : {9416496a-6d3e-4680-a9d1-03defd97d7d6}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        :
    SslCtlStoreName         :
    Flags                   : 0
------------------------------------------------------------------------------
C:\>httpcfg query urlacl
    URL : https://localhost:8555/WsHttpTest/Greeting/
    ACL : D:(A;;GX;;;WD)
------------------------------------------------------------------------------

原文

I've created a self-hosted WCF service with HTTPS/SSL, transport security and Basic authentication. For some reason, when I run the service in the browser it never asks for credentials. What's wrong?

Service configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WsHttpTest.GreetingServiceBehavior">
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WsHttpTest.GreetingServiceBehavior" name="WsHttpTest.GreetingService">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:8555/WsHttpTest/Greeting" />
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WsHttpTest.IGreetingService" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
</configuration>

HTTP config:

C:\>httpcfg query ssl
    IP                      : 0.0.0.0:8555
    Hash                    : 14ae237add3c49 a5091367487563cf6f6a8f586
    Guid                    : {9416496a-6d3e-4680-a9d1-03defd97d7d6}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        :
    SslCtlStoreName         :
    Flags                   : 0
------------------------------------------------------------------------------
C:\>httpcfg query urlacl
    URL : https://localhost:8555/WsHttpTest/Greeting/
    ACL : D:(A;;GX;;;WD)
------------------------------------------------------------------------------

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

温馨耳语 2024-11-14 15:25:57

仅当您与端点通信时才使用 wsHttpBinding 的配置=您创建代理并调用在服务契约上公开的操作。打开服务的帮助页面时，您不会与端点通信。

ServiceMetadataBehavior 还提供两个附加属性 HttpsHelpPageBinding 和 HttpsHelpPageBindingConfiguration。也许如果您使用这些属性并为它们配置一些自定义绑定（必须是自定义的，因为它需要 MessageVersion.None），您将能够强制帮助页面也需要身份验证，但我从未尝试过它。

我会从以下内容开始：

<bindings>
  <cutstomBinding>
    <binding name="helpPage">
      <textMessageEncoding messageVersion="None" />
      <httpsTransport authenticationScheme="Basic" />
    </binding>
  </customBinding>
</bindings>

The configuration of wsHttpBinding is used only if you communicate with the endpoint = you create the proxy and call operation exposed on service contract. When opening the service's help page you don't communicate with the endpoint.

ServiceMetadataBehavior also offers two additional properties HttpsHelpPageBinding and HttpsHelpPageBindingConfiguration. Perhaps if you play with these properties and configure some custom binding (must be custom because it requires MessageVersion.None) for them you will be able to force help page to require authentication as well but I have never tried it.

I would start with something like:

<bindings>
  <cutstomBinding>
    <binding name="helpPage">
      <textMessageEncoding messageVersion="None" />
      <httpsTransport authenticationScheme="Basic" />
    </binding>
  </customBinding>
</bindings>

回复收藏 0 原文

~没有更多了~