Setting WCF service credentials in the config file for a service whose endpoint is created in code

Posted on 2024-12-29 02:51:40

I want to be able to set the uri for a service endpoint in code while having the configuration for the security behaviour set in the config file.

The following gets me some of the way there, the service uses the correct binding configuration - but I cannot find a way to move the cert configuration into the config file.

Edit: note there was some confusion here - the config file configures the cert for Message level security and the ssl port controls the cert for Transport level - as per Richard Blewett's answer

var svc = new ServiceHost( typeof (MyService), new Uri(s));
svc.Authorization.PrincipalPermissionMode = 
                  PrincipalPermissionMode.UseWindowsGroups;
svc.AddServiceEndpoint(typeof(IMyService), new WSHttpBinding("MyBinding"), "");
//svc.Credentials.ServiceCertificate.SetCertificate(
//    StoreLocation.LocalMachine,
//    StoreName.My,
//    X509FindType.FindBySubjectName,
//    "mycertname"
//    );

The commented-out code is what I need to find some equivalent for in the config file.

<system.serviceModel>
  <services>
    <service name="MyNamespace.MyService" behaviorConfiguration="MyBehavior">
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="MyBinding">
        <security mode="Transport">
          <transport clientCredentialType="Windows"/>
        </security>
        <!-- Or for message level security
        <security mode="Message">
          <message clientCredentialType="Certificate"/>
        </security>
        -->
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>

Edit: for posterity I have updated the question and answer to cover both message level and transport level, as I need to cater for both.

Comments (1)

¢蛋碎的人ぎ生 2025-01-05 02:51:40

For Message security this service behavior should give you what you need

<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceCredentials>
        <serviceCertificate findValue="mycertname"
                            x509FindType="FindBySubjectName"
                            storeLocation="LocalMachine"
                            storeName="My"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

However, you are using transport security - in other words HTTPS with wsHttpBinding. Therefore the cert is defined by the configuration of http.sys where you bind a cert to a port. On Windows 2008 you use netsh.exe to control and view this configuration. On Windows 2003 you use the much less usable tool httpcfg.exe.
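An added example (not part of the original question or answer): a host that sets the endpoint address in code, takes the message-security certificate from the config file, and checks what was actually loaded before opening. It assumes the Message-mode variant of `MyBinding`, that the `<behavior>` holding the `serviceCertificate` element is named `MyBehavior` to match the question's `<service>` element, and a constructed base address and `Ping` operation.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace MyNamespace
{
    [ServiceContract]
    public interface IMyService
    {
        [OperationContract]
        string Ping(); // hypothetical operation, for illustration only
    }

    public class MyService : IMyService
    {
        public string Ping() { return "pong"; }
    }

    public static class HostProgram
    {
        public static void Main()
        {
            // Constructed address; Message security runs over plain HTTP.
            var baseAddress = new Uri("http://localhost:8080/MyService");

            // The constructor applies the <service> element whose name equals the
            // full type name, including the behavior that carries the certificate.
            using (var svc = new ServiceHost(typeof(MyService), baseAddress))
            {
                svc.AddServiceEndpoint(typeof(IMyService), new WSHttpBinding("MyBinding"), "");

                // Null here means no serviceCertificate was applied from config,
                // for example because the <service name> did not match the type.
                X509Certificate2 cert = svc.Credentials.ServiceCertificate.Certificate;
                if (cert == null)
                    throw new InvalidOperationException("No service certificate loaded from config.");
                if (!cert.HasPrivateKey)
                    throw new InvalidOperationException("Certificate has no private key: " + cert.Subject);
                if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                    throw new InvalidOperationException("Certificate outside validity period: " + cert.Subject);

                Console.WriteLine("Using certificate {0} ({1})", cert.Subject, cert.Thumbprint);
                svc.Open();
                Console.ReadLine(); // keep the host alive until Enter is pressed
            }
        }
    }
}
```

With the Transport-mode binding this check does not apply, since the HTTPS certificate comes from the http.sys port binding rather than from `serviceCredentials`.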
