[英]Enable basic HttpBinding without SSL in WCF
The idea here is that for my testing, before I commit to purchasing the SSL certificate, I want to enable the WCF service in non-ssl mode. 这里的想法是,对于我的测试,在我承诺购买SSL证书之前,我想以非SSL模式启用WCF服务。 I've done it in the past using this code, but for the life of me, cannot figure out how to translate it into the web.config file.
我过去使用此代码完成了此操作,但是对于我自己来说,无法弄清楚如何将其转换为web.config文件。
If someone can put me in the right direction on how you would go about this translation, that would be much appreciated. 如果有人可以让我正确指导您如何进行此翻译,那将不胜感激。
Binding basicBinding = null;
if (RegistryConnectionStringFactory.UseSslForCommunications)
{
basicBinding = new BasicHttpBinding();
(basicBinding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
(basicBinding as BasicHttpBinding).Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
creds.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.MembershipProvider;
creds.UserNameAuthentication.MembershipProvider = Membership.Provider;
}
else
{
HttpTransportBindingElement transport = new HttpTransportBindingElement()
{
AuthenticationScheme = System.Net.AuthenticationSchemes.Basic
};
basicBinding = new CustomBinding(transport);
svcHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AspNetUsernamePasswordValidator();
svcHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
}
What is wrong with configuration based approach for BasicHttpBinding? BasicHttpBinding的基于配置的方法有什么问题? You simply use TransportWithMessageCredential and UserName credentials for communication over HTTPS or TransportCredentialOnly and Basic credentials for communication over HTTP.
您只需将TransportWithMessageCredential和UserName凭据用于通过HTTPS进行通信,或者将TransportCredentialOnly和Basic凭据用于通过HTTP进行通信。
This is an extreme but you can allow anonymous and non-SSL by setting the security mode to "none". 这是极端情况,但是您可以通过将安全模式设置为“无”来允许匿名和非SSL。 Anonymous might also affect your testing so probably not recommended.
匿名也可能会影响您的测试,因此不建议使用。
<binding name="HttpBasicSecurityConfig">
<security mode="None">
</security>
</binding>
From http://msdn.microsoft.com/en-us/library/ms731172.aspx : 从http://msdn.microsoft.com/en-us/library/ms731172.aspx :
Transport Credentials in Bindings 绑定中的传输凭据
Type Description
None Specifies that the client does not need to present any credential. This translates to an anonymous client.
Because your post suggests that want to do this to avoid purchasing an SSL certificate before your testing is complete, I wanted to ask: To save yourself some time, could you just create your own self-signed certificate using makecert
? 因为您的帖子建议这样做以避免在测试完成之前购买SSL证书,所以我想问:为了节省一些时间,您是否可以使用
makecert
创建自己的自签名证书?
If so, these notes might be of some help. 如果是这样,这些说明可能会有所帮助。
To create root certificate key files... 要创建根证书密钥文件...
makecert -r -pe -n "CN=My Own Authority,O=My Company,C=US" -ss CA -sr CurrentUser -a sha1 -sky signature -sv mycert.pvk mycert.cer
To create a .PFX file... 要创建.PFX文件...
makecert -pe -n "CN=localhost" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic mycert.cer -iv mycert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv localhost.pvk localhost.cer
pvk2pfx -pvk localhost.pvk -spc localhost.cer -pfx localhost.pfx
Then, using the Certificates snap-in, import the mycert.cer
file into the Trusted Root Certification Authorities on the local computer to tell those apps running on the local machine that any certificate signed by your own authority is trustworty. 然后,使用“证书”管理单元,将
mycert.cer
文件导入本地计算机上的“受信任的根证书颁发机构”,以告诉在本地计算机上运行的那些应用程序由您自己的权威机构签名的任何证书都是受信任的。
Next, you import the localhost.pfx
file into the Personal store on the local computer. 接下来,将
localhost.pfx
文件导入本地计算机上的“个人”存储中。 (Doing this makes the certificate available to IIS so that it may declare itself, by your own authority, to be the server named "localhost".) (这样做可以使IIS可以使用该证书,以便它可以通过您自己的权限将自己声明为名为“ localhost”的服务器。)
There's a detailed descripton of how to import the .PFX file into IIS 7 here: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm 这里有有关如何将.PFX文件导入IIS 7的详细说明: http : //www.digicert.com/ssl-support/pfx-import-export-iis-7.htm
I was looking at something similar today as well but my knowledge isn't 100% complete. 我今天也在看类似的东西,但是我的知识还不是100%完整。
For the binding you will need to do something like this: 对于绑定,您将需要执行以下操作:
<bindings>
<customBinding>
<binding name="CustomBinding">
<httpTransport authenticationScheme="Basic"/>
</binding>
</customBinding>
Then you need to create a serviceBehaviour for the custom validation: 然后,您需要为自定义验证创建一个serviceBehaviour:
<behavior name="serviceBehavior" >
<serviceAuthorization principalPermissionMode="UseAspNetRoles"roleProviderName="CustomRolesProvider" />
<serviceCredentials>
<userNameAuthentication customUserNamePasswordValidatorType ="AspNetUsernamePasswordValidator [Fully qualified name]" userNamePasswordValidationMode="Custom" />
</serviceCredentials>
obviously not tested but a similar config just worked for me and it may get you started... 显然没有经过测试,但是类似的配置仅对我有用,这可能会让您入门...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.