[英]WCF Web API security
如何為 Z0E8433F9A404F1F32101C14B0Z6 傳輸配置 wcf web api 服務? 有誰知道這在最終版本中會有多大變化,因為這是他們說會改變的領域之一?
要支持 HTTPS,您需要在 HttpBinding 上啟用傳輸安全性。 這可以通過從 HttpConfigurableServiceHostFactory 派生並覆蓋 CreateServiceHost 來完成,如下所示:
public class HypertextTransferProtocolSecureServiceHostFactory : HttpConfigurableServiceHostFactory
{
protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
var configurationBuilder = HttpHostConfiguration.Create();
var host = new HttpConfigurableServiceHost(serviceType, configurationBuilder, baseAddresses);
foreach (var endpoint in host.Description.Endpoints.Where(e => e.ListenUri.Scheme == "https"))
{
var binding = endpoint.Binding as HttpBinding;
if (binding != null)
{
binding.Security.Mode = HttpBindingSecurityMode.Transport;
}
}
return host;
}
}
最后,必須將 HypertextTransferProtocolSecureServiceHostFactory 添加到 RouteTable:
RouteTable.Routes.Add(new ServiceRoute("routePrefix", new HypertextTransferProtocolSecureServiceHostFactory(), typeof(ServiceType)));
在我們的最新版本中,您可以使用 HttpConfiguration object 設置綁定,而無需創建新主機。 它公開了一個SetSecurity方法,您可以設置它來更改安全模式。
這是我在 Global.asax 中的配置,我檢查了 URI,然后使用了正確的模式。 在 IIS 和 IIS Express 中運行良好。 . . . my goal is Basic over HTTPS, however IIS express keeps the HTTP URI in the "binding" and unless you deal with it you get suck in an endless loop ( http://screencast.com/t/kHvM49dl6tP , http://screencast .com/t/5usIEy5jgPdX )
var config = new HttpConfiguration
{
EnableTestClient = true,
IncludeExceptionDetail = true,
EnableHelpPage = true,
Security = (uri, binding) =>
{
if (uri.Scheme.Equals("https", StringComparison.InvariantCultureIgnoreCase))
binding.Mode = HttpBindingSecurityMode.Transport;
else
binding.Mode = HttpBindingSecurityMode.TransportCredentialOnly;
binding.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
},
CreateInstance = ((t, i, h) => container.Resolve(t))
};
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.