2012-02-06 141 views
2

我有一個RESTful WCF服務,我想在Windows Server 2008 R2服務器上託管。它目前作爲應用程序託管在現有網站中。一個自簽名證書正用於端口443.僅通過HTTPS的WCF服務

我希望服務僅通過HTTPS提供。在應用程序的SSL設置中,我將它設置爲「需要SSL」。端點配置如下:

<system.serviceModel> 
<behaviors> 
    <endpointBehaviors> 
    <behavior name="Rest"> 
     <webHttp /> 
    </behavior> 
    </endpointBehaviors> 
    <serviceBehaviors> 

    <behavior> 
     <serviceAuthorization serviceAuthorizationManagerType="ACME.MyAuthorizationManager, ACME.WS.Authorization" /> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> 
<standardEndpoints> 

    <webHttpEndpoint> 

    <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" /> 
    </webHttpEndpoint> 
</standardEndpoints> 

然而,試圖通過瀏覽器(例如https://example.com/myservices/baz-service/yip-resource)來訪問該服務時我收到403個響應。

配置過程中我錯過任何東西嗎?

+0

您是如何訪問該服務的?從瀏覽器或wcf代理? – BNL 2012-02-06 16:49:58

+0

綁定/端點配置對於您的svc是什麼樣的? – 2012-02-06 16:50:22

+0

初始嘗試訪問正在通過瀏覽器完成。我已經添加了端點配置。 – Bullines 2012-02-06 17:33:23

回答

2

在IIS上設置「需要SSL」選項意味着您正在使用客戶端證書執行身份驗證。如果您沒有任何客戶端證書身份驗證,只需將該選項設置爲忽略或禁用該選項即可。

爲了避免您的服務僅在HTTPS上投放,請從您網站上的「綁定」選項中移除HTTP綁定。否則,只需公開您的綁定以將傳輸用作安全機制,並且應該只處理僅在HTTPS上提供服務的WCF服務。

UPDATE:

請找我如何有​​IIS上承載的RESTful服務以https:

[ServiceContract] 
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] 
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)] 
    public class RestService 
    { 
     // TODO: Implement the collection resource that will contain the SampleItem instances 

     private static List<SampleItem> sampleCollection = new List<SampleItem>(); 

     [WebGet(UriTemplate = "/get-Collection")] 
     public List<SampleItem> GetCollection() 
     { 
      // TODO: Replace the current implementation to return a collection of SampleItem instances 
      if (sampleCollection.Count == 0) 
      { 
       sampleCollection = new List<SampleItem>(); 
       sampleCollection.Add(new SampleItem() { Id = 1, StringValue = "Hello 1" }); 
       sampleCollection.Add(new SampleItem() { Id = 2, StringValue = "Hello 2" }); 
       sampleCollection.Add(new SampleItem() { Id = 3, StringValue = "Hello 3" }); 
       sampleCollection.Add(new SampleItem() { Id = 4, StringValue = "Hello 4" }); 
       sampleCollection.Add(new SampleItem() { Id = 5, StringValue = "Hello 5" }); 
      } 
      return sampleCollection; 
     } 
} 

我的Global.asax:

public class Global : HttpApplication 
    { 
     void Application_Start(object sender, EventArgs e) 
     { 
      RegisterRoutes(); 
     } 

     private void RegisterRoutes() 
     { 
      // Edit the base address of Service1 by replacing the "Service1" string below 
      RouteTable.Routes.Add(new ServiceRoute("", new WebServiceHostFactory(), typeof(RestService))); 
     } 
    } 

我的web.config文件:

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 


    <system.web> 
    <compilation debug="true" targetFramework="4.0" /> 
    </system.web> 

    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"> 
     <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> 
    </modules> 
    </system.webServer> 

    <system.serviceModel> 
    <diagnostics> 
     <messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" /> 
     <endToEndTracing propagateActivity="true" activityTracing="true" messageFlowTracing="true" /> 
    </diagnostics> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> 
    <standardEndpoints> 
     <webHttpEndpoint> 
     <!-- 
      Configure the WCF REST service base address via the global.asax.cs file and the default endpoint 
      via the attributes on the <standardEndpoint> element below 
     --> 
     <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" maxBufferSize="500000" maxReceivedMessageSize="500000">   
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />   
     </standardEndpoint> 
     </webHttpEndpoint> 
    </standardEndpoints> 
    <behaviors> 
     <serviceBehaviors> 
      <behavior name=""> 
       <serviceCredentials> 
        <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="localhost" /> 
       </serviceCredentials> 
      </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    </system.serviceModel> 
</configuration> 

現在我的IIS有HTTPS綁定指定:

Site Bindings in IIS

現在我的虛擬目錄已配置名稱XmlRestService,因此當我瀏覽到資源我得到下面的輸出:

Output from a REST Service on HTTPS

+0

我目前有「客戶端證書」設置爲忽略。 – Bullines 2012-02-07 13:45:47

+0

你不需要閱讀quotQuotas部分,但如果你的服務必須發送大量的數據,最好離開它。 – Rajesh 2012-02-07 14:30:08

+0

在下列情況下使用該標準Endpoint結果: 找不到與綁定WebHttpBinding的端點匹配方案http的基地址。註冊的基地址方案是[https]。 – Bullines 2012-02-07 14:41:00

0

有很多不同的方式來實現WCF。像許多這樣的答案不適合我。我提出了以下快速解決方案。我認爲這可能是最普遍和最簡單的解決方案。這可能不被認爲是雄辯的,但對於我們大多數人來說,無論如何我們的工作都沒有得到讚賞。您可以嘗試重定向,至少對於GET請求,而不是拋出錯誤。

#if !DEBUG 
    // check secure connection, raise error if not secure 
    IncomingWebRequestContext request = WebOperationContext.Current.IncomingRequest; 
    if (!request.UriTemplateMatch.BaseUri.AbsoluteUri.StartsWith("https://")) 
    { 
     throw new WebProtocolException(HttpStatusCode.BadRequest, "Https is required to use this service.", null); 
    } 
#endif