如何为 wcf 服务创建 https 绑定?
How to create a https binding for a wcf service?
我继承了在内网上 运行 一段时间的服务。安全从来都不是问题,但有人问我是否可以将其公开到互联网。
绑定定义
LeanBinding 绑定是继承的,而 SecureLeanBinding 是我的猜测。
<bindings>
<customBinding>
<binding name="LeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
<binaryMessageEncoding compressionFormat="GZip">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
<binding name="SecureLeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
<binaryMessageEncoding compressionFormat="GZip">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"></httpsTransport>
</binding>
</customBinding>
</bindings>
客户端点
我复制了现有端点,但将地址更改为使用 https 并将绑定配置更改为使用 SucereLeanBinding。
<client>
<endpoint address="http://localhost/APP.Service/" binding="customBinding" bindingConfiguration="LeanBinding" contract="APP.IService" name="customBinding_IService" />
<endpoint address="https://localhost/APP.Service/" binding="customBinding" bindingConfiguration="SecureLeanBinding" contract="APP.IService" name="SecureBinding_IService" />
</client>
服务行为
我将httpsGetEnabled设为true
<behaviors>
<endpointBehaviors>
<behavior name="LeanEndPointBehaviour">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="LeanServiceBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer ignoreExtensionDataObject="false" maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
</behaviors>
协议映射
协议映射似乎不影响服务的行为。但为了完整起见,我将其包括在内。
<protocolMapping>
<add binding="customBinding" bindingConfiguration="SecureLeanBinding" scheme="https"/>
</protocolMapping>
服务定义
我添加了第二个终结点和 baseAddress。
<services>
<service name="APP.ServiceName" behaviorConfiguration="LeanServiceBehaviour">
<endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="LeanEndPointBehaviour" bindingName="LeanBinding" bindingConfiguration="LeanBinding" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="SecureLeanEndPointBehavior" bindingName="SecureLeanBinding" bindingConfiguration="SecureLeanBinding" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:80/APP.Service/" />
<add baseAddress="https://localhost:443/APP.Service/" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
http 绑定有效,但 https 绑定无效。任何帮助将不胜感激。
您如何托管服务? HTTP 服务端点需要传输安全模式和证书来保护通信。我们应该将证书绑定到服务器的端口。如果在IIS中,可以通过IIS网站绑定模块来完成。
配置文件中不需要基地址。
<host>
<baseAddresses>
<add baseAddress="http://localhost:80/APP.Service/" />
<add baseAddress="https://localhost:443/APP.Service/" />
</baseAddresses>
</host>
需要在IIS站点绑定模块中完成。
如果在控制台应用程序中或者它是自托管的,我们应该通过以下命令将证书绑定到特定端口。
netsh http add sslcert ipport=0.0.0.0:443
certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6
appid={00112233-4455-6677-8899-AABBCCDDEEFF}
https://docs.microsoft.com/en-us/windows/win32/http/add-sslcert
如果问题仍然存在,请随时告诉我。
我继承了在内网上 运行 一段时间的服务。安全从来都不是问题,但有人问我是否可以将其公开到互联网。
绑定定义
LeanBinding 绑定是继承的,而 SecureLeanBinding 是我的猜测。
<bindings>
<customBinding>
<binding name="LeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
<binaryMessageEncoding compressionFormat="GZip">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
<binding name="SecureLeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
<binaryMessageEncoding compressionFormat="GZip">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binaryMessageEncoding>
<httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"></httpsTransport>
</binding>
</customBinding>
</bindings>
客户端点
我复制了现有端点,但将地址更改为使用 https 并将绑定配置更改为使用 SucereLeanBinding。
<client>
<endpoint address="http://localhost/APP.Service/" binding="customBinding" bindingConfiguration="LeanBinding" contract="APP.IService" name="customBinding_IService" />
<endpoint address="https://localhost/APP.Service/" binding="customBinding" bindingConfiguration="SecureLeanBinding" contract="APP.IService" name="SecureBinding_IService" />
</client>
服务行为
我将httpsGetEnabled设为true
<behaviors>
<endpointBehaviors>
<behavior name="LeanEndPointBehaviour">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="LeanServiceBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer ignoreExtensionDataObject="false" maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
</behaviors>
协议映射
协议映射似乎不影响服务的行为。但为了完整起见,我将其包括在内。
<protocolMapping>
<add binding="customBinding" bindingConfiguration="SecureLeanBinding" scheme="https"/>
</protocolMapping>
服务定义
我添加了第二个终结点和 baseAddress。
<services>
<service name="APP.ServiceName" behaviorConfiguration="LeanServiceBehaviour">
<endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="LeanEndPointBehaviour" bindingName="LeanBinding" bindingConfiguration="LeanBinding" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="SecureLeanEndPointBehavior" bindingName="SecureLeanBinding" bindingConfiguration="SecureLeanBinding" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:80/APP.Service/" />
<add baseAddress="https://localhost:443/APP.Service/" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
http 绑定有效,但 https 绑定无效。任何帮助将不胜感激。
您如何托管服务? HTTP 服务端点需要传输安全模式和证书来保护通信。我们应该将证书绑定到服务器的端口。如果在IIS中,可以通过IIS网站绑定模块来完成。
配置文件中不需要基地址。
<host>
<baseAddresses>
<add baseAddress="http://localhost:80/APP.Service/" />
<add baseAddress="https://localhost:443/APP.Service/" />
</baseAddresses>
</host>
需要在IIS站点绑定模块中完成。
如果在控制台应用程序中或者它是自托管的,我们应该通过以下命令将证书绑定到特定端口。
netsh http add sslcert ipport=0.0.0.0:443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
https://docs.microsoft.com/en-us/windows/win32/http/add-sslcert
如果问题仍然存在,请随时告诉我。