stackoom
  简体   繁体   中英

Enable basic HttpBinding without SSL in WCF

 原文  2010-09-28 16:16:46       c#/ wcf/ web-config

Question

The idea here is that for my testing, before I commit to purchasing the SSL certificate, I want to enable the WCF service in non-ssl mode. I've done it in the past using this code, but for the life of me, cannot figure out how to translate it into the web.config file.

If someone can put me in the right direction on how you would go about this translation, that would be much appreciated. 

                Binding basicBinding = null;
                if (RegistryConnectionStringFactory.UseSslForCommunications)
                {
                    basicBinding = new BasicHttpBinding();
                    (basicBinding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
                    (basicBinding as BasicHttpBinding).Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

                    creds.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.MembershipProvider;
                    creds.UserNameAuthentication.MembershipProvider = Membership.Provider;
                }
                else
                {
                    HttpTransportBindingElement transport = new HttpTransportBindingElement()
                    {
                        AuthenticationScheme = System.Net.AuthenticationSchemes.Basic
                    };
                    basicBinding = new CustomBinding(transport);

                    svcHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AspNetUsernamePasswordValidator();
                    svcHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
                }

4 answers

solution1
 2  2010-09-28 18:15:49

What is wrong with configuration based approach for BasicHttpBinding? You simply use TransportWithMessageCredential and UserName credentials for communication over HTTPS or TransportCredentialOnly and Basic credentials for communication over HTTP.

solution2
 2  2011-10-12 13:01:12

This is an extreme but you can allow anonymous and non-SSL by setting the security mode to "none". Anonymous might also affect your testing so probably not recommended. 

<binding name="HttpBasicSecurityConfig">
  <security mode="None">
  </security>
</binding>

From http://msdn.microsoft.com/en-us/library/ms731172.aspx :

Transport Credentials in Bindings 

Type   Description
None   Specifies that the client does not need to present any credential. This translates to an anonymous client.

solution3
 1 ACCPTED  2010-09-28 17:02:50

Because your post suggests that want to do this to avoid purchasing an SSL certificate before your testing is complete, I wanted to ask: To save yourself some time, could you just create your own self-signed certificate using makecert ?

If so, these notes might be of some help.

To create root certificate key files... 

makecert  -r -pe -n "CN=My Own Authority,O=My Company,C=US" -ss CA -sr CurrentUser -a sha1 -sky signature -sv mycert.pvk mycert.cer

To create a .PFX file... 

makecert -pe -n "CN=localhost" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic mycert.cer -iv mycert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv localhost.pvk localhost.cer
pvk2pfx -pvk localhost.pvk -spc localhost.cer -pfx localhost.pfx

Then, using the Certificates snap-in, import the mycert.cer file into the Trusted Root Certification Authorities on the local computer to tell those apps running on the local machine that any certificate signed by your own authority is trustworty.

Next, you import the localhost.pfx file into the Personal store on the local computer. (Doing this makes the certificate available to IIS so that it may declare itself, by your own authority, to be the server named "localhost".)

There's a detailed descripton of how to import the .PFX file into IIS 7 here: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm

solution4
 0  2010-09-28 16:36:16

I was looking at something similar today as well but my knowledge isn't 100% complete.

For the binding you will need to do something like this: 

   <bindings>
  <customBinding>
    <binding name="CustomBinding">
      <httpTransport authenticationScheme="Basic"/>
    </binding>
  </customBinding>

Then you need to create a serviceBehaviour for the custom validation: 

        <behavior name="serviceBehavior" >
      <serviceAuthorization principalPermissionMode="UseAspNetRoles"roleProviderName="CustomRolesProvider" />
      <serviceCredentials>
        <userNameAuthentication customUserNamePasswordValidatorType ="AspNetUsernamePasswordValidator [Fully qualified name]" userNamePasswordValidationMode="Custom" />
      </serviceCredentials>

obviously not tested but a similar config just worked for me and it may get you started...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question The remote server returned an error: (401) Unauthorized. wcf httpbinding basic What are the limitations of WCF HTTPBinding? WCF on https without SSL WCF error calling Ws2007HttpBinding WCF: Significant Lag Returning Large Data Set over HttpBinding? How to seralize custom objects into stream (WCF HttpBinding - TransferMode = Streamed) Enable SSL on WCF. What is required to be done on Client Side? How to enable ssl without set commandName to IISEXPRES How Can I resolve WS2007HttpBinding WCF Service Binding in .NET Core Client Application Can I keep httpBinding off from client app when referencing another webservice in WCF?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM