WCF Web API 安全
[英]WCF Web API security
问题描述
How can I configure wcf web api service for HTTPS transport?
如何为 Z0E8433F9A404F1F32101C14B0Z6 传输配置 wcf web api 服务? Does anyone know how much this will change in the final release since this is one of the areas they say will change?有谁知道这在最终版本中会有多大变化,因为这是他们说会改变的领域之一?
3 个解决方案
解决方案1
6 已采纳 2011-07-06 08:32:40
To support HTTPS you will need to enable transport security on the HttpBinding.要支持 HTTPS,您需要在 HttpBinding 上启用传输安全性。 This can be done by deriving from the HttpConfigurableServiceHostFactory and override the CreateServiceHost like this:这可以通过从 HttpConfigurableServiceHostFactory 派生并覆盖 CreateServiceHost 来完成,如下所示:
public class HypertextTransferProtocolSecureServiceHostFactory : HttpConfigurableServiceHostFactory
{
protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
var configurationBuilder = HttpHostConfiguration.Create();
var host = new HttpConfigurableServiceHost(serviceType, configurationBuilder, baseAddresses);
foreach (var endpoint in host.Description.Endpoints.Where(e => e.ListenUri.Scheme == "https"))
{
var binding = endpoint.Binding as HttpBinding;
if (binding != null)
{
binding.Security.Mode = HttpBindingSecurityMode.Transport;
}
}
return host;
}
}
Finally the HypertextTransferProtocolSecureServiceHostFactory must be added to the RouteTable:最后,必须将 HypertextTransferProtocolSecureServiceHostFactory 添加到 RouteTable:
RouteTable.Routes.Add(new ServiceRoute("routePrefix", new HypertextTransferProtocolSecureServiceHostFactory(), typeof(ServiceType)));
解决方案2
5 2011-09-02 15:48:15
In our latest drop you can set the binding without creating a new host by using the HttpConfiguration object.在我们的最新版本中,您可以使用 HttpConfiguration object 设置绑定,而无需创建新主机。 It exposes a SetSecurity method you can set to change the security mode.它公开了一个SetSecurity方法,您可以设置它来更改安全模式。
解决方案3
2 2011-11-28 19:17:38
Here is my configuration from the Global.asax, I check the URI and then use the correct mode.这是我在 Global.asax 中的配置,我检查了 URI,然后使用了正确的模式。 Works well in IIS and IIS Express.在 IIS 和 IIS Express 中运行良好。 . . . . . . my goal is Basic over HTTPS, however IIS express keeps the HTTP URI in the "binding" and unless you deal with it you get suck in an endless loop ( http://screencast.com/t/kHvM49dl6tP , http://screencast.com/t/5usIEy5jgPdX ) my goal is Basic over HTTPS, however IIS express keeps the HTTP URI in the "binding" and unless you deal with it you get suck in an endless loop ( http://screencast.com/t/kHvM49dl6tP , http://screencast .com/t/5usIEy5jgPdX )
var config = new HttpConfiguration
{
EnableTestClient = true,
IncludeExceptionDetail = true,
EnableHelpPage = true,
Security = (uri, binding) =>
{
if (uri.Scheme.Equals("https", StringComparison.InvariantCultureIgnoreCase))
binding.Mode = HttpBindingSecurityMode.Transport;
else
binding.Mode = HttpBindingSecurityMode.TransportCredentialOnly;
binding.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
},
CreateInstance = ((t, i, h) => container.Resolve(t))
};
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.