WCF中相同服务的两个端点,一个不受保护
[英]Two endpoints for same service in WCF, one secured one not
问题描述
I have a .Net service running on IIS 6 and WCF that I want to create two endpoints for. 
我有一个在IIS 6和WCF上运行的.Net服务,我想为它创建两个端点。 One secured with HTTPS and Basic authentication that will be accessed from our DMZ and one endpoint with no security that will only be accessible from the internal secure network. 一个使用HTTPS和基本身份验证进行保护,这些身份验证将从我们的DMZ和一个没有安全性的端点进行访问,只能从内部安全网络访问。 A firewall and maybe .Net filters will ensure that the unsecured service is not accessible outside the secure network. 防火墙和.Net过滤器将确保在安全网络外无法访问不安全的服务。
So far I have not been successful getting two endpoints working with different security parameters. 到目前为止,我还没有成功地让两个端点使用不同的安全参数。 One configuration I tried is: 我尝试过的一种配置是:
<service name="My.Service">
<host>
<baseAddresses>
<add baseAddress="http://localhost/MyService/"/>
</baseAddresses>
</host>
<endpoint address="UnSecuredAccessToMyService.svc"
behaviorConfiguration="restBehavior"
name="UnSecureEndpoint"
binding="webHttpBinding"
bindingName="SomeBindingName"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
<endpoint address="SecuredAccessToMyService.svc"
behaviorConfiguration="secBehavior"
name="SecuredEnpoint"
binding="webHttpBinding"
bindingConfiguration="customSecureBinding"
bindingName="SecBindingName"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
</service>
<behaviors>
<endpointBehaviors>
<behavior name="restBehavior">
<webHttp />
</behavior>
<behavior name="secBehavior">
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="customSecureBinding">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
</bindings>
The files UnSecuredAccessToMyService.svc and SecuredAccessToMyService.svc look like: UnSecuredAccessToMyService.svc和SecuredAccessToMyService.svc文件如下所示:
<%@ ServiceHost
Factory="somefactory, anotherfactory"
Service="My.Service, AnotherService"
%>
I am very new to WCF and .Net so extra details could really help, Thanks! 我是WCF和.Net的新手,所以额外的细节可以真正帮助,谢谢!
2 个解决方案
解决方案1
7 已采纳 2010-11-17 16:26:09
It looks like you've got your bindings and behaviours a little mixed up. 看起来你的绑定和行为有点混乱了。 Try changing your configuration to the following: 尝试将配置更改为以下内容:
<services>
<service name="My.Service">
<endpoint address="UnSecuredAccessToMyService.svc"
binding="webHttpBinding"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
<endpoint address="SecuredAccessToMyService.svc"
binding="webHttpBinding"
bindingName="secureWebHttpBinding"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="secureWebHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
</bindings>
This specifies both endpoints should use WebHttpBinding , but one will use the default binding and another will used a named binding "secureWebHttpBinding" which is configured to use Transport-layer security (SSL) and basic client authentication. 这指定两个端点都应该使用WebHttpBinding ,但是一个将使用默认绑定,另一个将使用命名绑定“secureWebHttpBinding”,它被配置为使用传输层安全性(SSL)和基本客户端身份验证。
These should not require further configuration or customized behaviour unless you have needs beyond what is built-in by default. 这些不应该需要进一步的配置或自定义行为,除非您有超出默认内置的需求。
Unfortunately a lot of WCF is trial-and-error debugging until you identify exactly which element is not operating correctly. 不幸的是,很多WCF都是试错法调试,直到你确切地确定哪个元素没有正确运行。 If the information I've given you doesn't work, specify more symptoms of your problem and I'll try to give further assistance. 如果我给你的信息不起作用,请指出问题的更多症状,我会尝试提供进一步的帮助。
解决方案2
1 2015-02-18 12:32:28
Use the configuration as 使用配置为
<service name="My.Service">
<host>
<baseAddresses>
<add baseAddress="http://localhost/MyService/UnSecuredAccessToMyService.svc"/>
</baseAddresses>
</host>
<endpoint address="UnSecuredAccessToMyService"
behaviorConfiguration="restBehavior"
name="UnSecureEndpoint"
binding="webHttpBinding"
bindingName="SomeBindingName"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
<endpoint address="SecuredAccessToMyService"
behaviorConfiguration="secBehavior"
name="SecuredEnpoint"
binding="webHttpBinding"
bindingConfiguration="customSecureBinding"
bindingName="SecBindingName"
bindingNamespace="http://mydomain/myservice"
contract="Domain.MyService.MyClass" />
</service>
Notice that the address="UnSecuredAccessToMyService" and address="SecuredAccessToMyService" for endpoint part which is very important. 请注意,端点部分的地址=“UnSecuredAccessToMyService”和address =“SecuredAccessToMyService”非常重要。 Now when you are calling the URl from client you need to call the URI as http://localhost/MyService/UnSecuredAccessToMyService.svc/ UnSecuredAccessToMyService for Unsecured Access and http://localhost/MyService/UnSecuredAccessToMyService.svc/ SecuredAccessToMyService for Secured access. 现在,当您从客户端调用的网址,您需要调用URI作为HTTP://localhost/MyService/UnSecuredAccessToMyService.svc/ UnSecuredAccessToMyService的安全接入和HTTP://localhost/MyService/UnSecuredAccessToMyService.svc/ SecuredAccessToMyService的安全访问。
BaseAddress should be the fully qualified name including .svc BaseAddress应该是完全限定的名称,包括.svc
using the above configuration you will be able to use same .svc file, same contract, same operation/method but 2 different endpoint, 1 secure and 1 unsecure. 使用上面的配置,您将能够使用相同的.svc文件,相同的合同,相同的操作/方法,但2个不同的端点,1个安全和1个不安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.