2012-02-11 71 views
0

我已經將WCF .svc文件添加到我的MVC3項目中,並試圖阻止通過HTTP訪問服務。WCF僅通過託管在MVC項目中的HTTPS SVC

通過以下配置,我的服務可通過https在一個端口上,然後通過另一個端口上的http訪問。

我該如何預防?

感謝

<system.serviceModel> 
     <bindings> 
      <basicHttpBinding> 
       <binding name="TS"> 
        <security mode="Transport"> 
         <transport clientCredentialType="None"/> 
        </security> 
       </binding> 
      </basicHttpBinding> 
     </bindings> 
     <services> 
      <service name="Endpoints" behaviorConfiguration="Default"> 
       <endpoint address="https://localhost:44301/Services/Endpoints.svc" binding="basicHttpBinding" bindingConfiguration="TS" contract="UkerLtd.Services.IEndpoints"></endpoint> 
       <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" /> 
      </service> 
     </services> 
     <behaviors> 
      <serviceBehaviors> 
       <behavior name="Default"> 
        <serviceMetadata httpGetEnabled="false" httpsGetUrl="https://localhost:44301/Services/Endpoints.svc" httpsGetEnabled="true" /> 
        <serviceDebug includeExceptionDetailInFaults="true" /> 
       </behavior> 
      </serviceBehaviors> 
     </behaviors> 
     <serviceHostingEnvironment multipleSiteBindingsEnabled="false" /> 
    </system.serviceModel> 

回答

0

您可以發表評論或刪除第二個端點的IMetadataExchange接口,
因爲它是相同的服務,元數據將被
httpsGetEnabled =「真」,在被曝光serviceBehaviors/serviceMetadata。

否則,你可以「設置IIS以要求SSL」,但因爲它是不是一種選擇..

希望這會有所幫助。