为自托管WCF服务启用SSL绑定
[英]Enable SSL binding for self-hosted WCF service
问题描述
I run a self-hosted WCF service which I want to protect with self-signed SSL certificate. 
我运行了一个自托管的WCF服务,该服务要使用自签名SSL证书进行保护。 For that to work I need to bind this SSL certificate with certain port. 为此,我需要将此SSL证书与特定端口绑定。 There are couple ways of doing it: 有几种方法可以做到:
According to this http://msdn.microsoft.com/en-us/library/ms733791.aspx I can use
netshand it works but I would like not to have dependencies on the netsh and do everything from the .NET code.根据此http://msdn.microsoft.com/zh-cn/library/ms733791.aspx,我可以使用netsh并且可以使用它,但是我希望不依赖netsh,并且可以执行.NET代码中的所有操作。So I found the following snippet:
因此,我找到了以下代码段: using (ServerManager manager = new ServerManager()) { Site site = manager.Sites.FirstOrDefault(i => i.Applications.Cast<Application>().Any()); Application app = site.Applications.Cast<Application>().First(); site.Bindings.Add(":*:PORTN", cert.GetCertHash(), store.Name); manager.CommitChanges(); }
It works, however this required IIS to be installed. 它可以工作,但是这需要安装IIS。 Otherwise I'm getting the following exception: 否则,我得到以下异常:
Retrieving the COM class factory for component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))..
So, question is - is there any way to accomplish this inside managed code, but without having to install IIS? 因此,问题是-有什么方法可以在托管代码中完成此任务,而不必安装IIS?
2 个解决方案
解决方案1
1 已采纳 2013-01-16 20:21:21
Found the correct answer to my question: Binding an SSL certificate to a port programmatically 找到了我的问题的正确答案: 以编程方式将SSL证书绑定到端口
Instead of using managed classes like ServerManager I would need to rely on P/Invoking native API such as HttpSetServiceConfiguration . 而不是使用诸如ServerManager类的托管类,我需要依靠P / Invoking本机API(例如HttpSetServiceConfiguration 。
解决方案2
0 2013-01-16 14:17:39
is there any way to accomplish this inside managed code, but without having to install IIS?
Yes, and given that you are running as a service with enough privileges to call NETSH to do the allow and disallow as needed using Process.Start and WaitForExit and can achieve what you need in your question. 是的,并且假设您正在作为具有足够特权的服务运行,可以使用Process.Start和WaitForExit调用NETSH来根据需要进行允许和禁止,并且可以实现您的问题。
The command line syntax http://technet.microsoft.com/en-us/library/cc725882(WS.10).aspx for NETSH allows you to do everything you need. NETSH的命令行语法http://technet.microsoft.com/zh-cn/library/cc725882(WS.10).aspx允许您执行所需的所有操作。
If you want to figure out all the P/Invoke but it sounds like a lot of extra trouble, but that sounds like academic exercise with more risk of memory leaks and so on. 如果您想弄清楚所有P / Invoke,但这听起来很麻烦,但这听起来像是学术练习,有更多的内存泄漏风险,等等。
If you are running on Windows XP and are worried about NETSH not doing what you need, then you can also get Microsoft's HTTPCFG here http://msdn.microsoft.com/en-us/library/windows/desktop/aa364478%28v=vs.85%29.aspx 如果您在Windows XP上运行,并且担心NETSH无法满足您的需要,那么您也可以在此处获得Microsoft的HTTPCFG, 网址为http://msdn.microsoft.com/zh-cn/library/windows/desktop/aa364478%28v= vs.85%29.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.