json 如何保护 webHttpBinding?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19096480/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to secure webHttpBinding?
提问by Jaiesh_bhai
In my WCF service I am trying to to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using wsHttpBindingwith a security mode of Transport. Why is webHttpBindingnot able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?
在我的 WCF 服务中,我试图通过 SSL 连接使用 JSON 将数据发送到客户端。我是能够争取到使用OData的数据库源到我的客户wsHttpBinding用的安全模式Transport。为什么webHttpBinding不能这样做才能使用 SSL?我将如何配置需要使用 JSON 来使用 SSL 连接的端点?
Essentially what is the difference between webHttpBindingand wsHttpBinding?
从本质上讲之间有什么区别webHttpBinding和wsHttpBinding?
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="EndpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService">
<endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" />
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
回答by Ercan
I think this article will solve your problem. Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL
我想这篇文章会解决你的问题。 创建 WCF RESTful 服务并使用 HTTPS over SSL 保护它
回答by phil v
The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.htmlis this:
http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html的相关部分是这样的:
<bindings>
<webHttpBinding>
<binding>
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
but also remove exposing metadata if desired.
但如果需要,也可以删除暴露的元数据。
the details are documented in msdn here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx
详细信息记录在 msdn 中:https://msdn.microsoft.com/en-us/library/bb924478( v=vs.110).aspx
the relevant parts are:
相关部分是:
Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service's SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the transport of webHttpBinding.
使用 HTTPS 提供传输安全。该服务需要配置 SSL 证书。消息完全使用 HTTPS 进行保护,客户端使用服务的 SSL 证书对服务进行身份验证。客户端身份验证通过webHttpBinding 传输的 ClientCredentialType 属性进行控制。
