[英]WCF : How to remove http headers like aspnet version, server etc from WCF service calls
I have requirement where in for security reason I am not supposed to disclose response headers like server, asp.net version etc. 我出于安全原因有要求,我不应该公开响应头,例如服务器,asp.net版本等。
How can I restrict these headers when calls are made for WCF services. 调用WCF服务时如何限制这些标头。
I have already tried the below config settings but works fine for aspx page calls but not for WCF service calls. 我已经尝试过下面的配置设置,但是对于aspx页面调用工作正常,但对于WCF服务调用却行不通。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Server" />
<remove name="X-Powered-By" />
<remove name="X-AspNet-Version" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Thanks, Mahantesh MB 谢谢,Mahantesh MB
You can go into IIS and select your Site where your webservice is running on, in the IIS section there is a button called HTTP Response Headers, click on it and remove the headers 您可以进入IIS并选择运行Web服务的站点,在IIS部分中,有一个名为HTTP Response Headers的按钮,单击它并删除标题
following your comment you can try to add a message inspector 在您发表评论之后,您可以尝试添加消息检查器
public class RemoveHeaders: IDispatchMessageInspector
{
public object AfterReceiveRequest(ref Message request,
IClientChannel channel, InstanceContext instanceContext)
{
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState)
{
var httpCtx = HttpContext.Current;
if (httpCtx != null)
{
httpCtx.Response.Headers.Remove(HttpResponseHeader.Server.ToString());
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.