我已經創建了一個簡單的WCF服務,我想通過https訪問它。 WCF服務使用UserNamePasswordValidator,customBinding和UserNameOverTransport作爲身份驗證模式。我在創建自簽名服務器證書的IIS7.5中運行它。從Silverlight 4調用HTTPS-WCF服務時的安全錯誤
我嘗試使用Silverlight 4應用程序連接到該服務。我在我的Silverlight 4應用程序中創建了服務引用,VS 2010自動創建所需的代碼(顯然,它能夠連接到服務並獲取信息)。
當我調用WCF時,我得到一個SecurityException,但沒有關於原因的信息。
我有小提琴手跑來看看發生了什麼。
GET https://my.server:8099/clientaccesspolicy.xml 404未找到(文/ HTML)
GET https://my.server:8099/crossdomain.xml 200 OK(文/ XML)
所以對於crossdomain.xml的在GET似乎是到服務器的最後一次通話。
crossdomain.xml文件如下所示:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
的異常情況發生,當base.EndInvoke(......)被稱爲客戶端和ExceptionMessage如下:
{系統.Security.SecurityException ---> System.Security.SecurityException:Sicherheitsfehler bei System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult) bei System.Net.Browser.BrowserHttpWebRequest。 <> c_ DisplayClass5.b _4(Object sendState) bei System.Net.Browser.AsyncHelper。 <> C_ DisplayClass2.b _0(對象sendState) ---恩德DER internenAusnahmestapelüberwachung--- 貝System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod,對象狀態) 貝System.Net.Browser。 BrowserHttpWebRequest.EndGetResponse(IAsyncResult的asyncResult) 貝System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult的結果)}
這是我UserNamePasswordValidator。請注意,這包括一個用於調試原因的記錄器。奇怪的是,記錄器從不寫任何東西,所以看起來,甚至沒有調用Validate函數。
namespace ServiceConfiguratorDataSource
{
public class UserCredentialsValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (userName != "xyz" || password != "xyz")
{
logging.Logger.instance.StatusRoutine("LogOn Error: " + userName);
throw new FaultException("Credentials are invalid");
}
else
{
logging.Logger.instance.StatusRoutine("LogOn Success: " + userName);
}
}
}
}
這裏是我的WCF服務的Web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="ServiceConfiguratorDataSource.Service" behaviorConfiguration="ServiceConfiguratorDataSourceBehaviour">
<endpoint address="" binding="customBinding" bindingConfiguration="ServiceConfiguratorCustomBinding" contract="ServiceConfiguratorDataSource.IService" />
</service>
</services>
<bindings>
<customBinding>
<binding name="ServiceConfiguratorCustomBinding">
<security authenticationMode="UserNameOverTransport"></security>
<binaryMessageEncoding></binaryMessageEncoding>
<httpsTransport/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceConfiguratorDataSourceBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ServiceConfiguratorDataSource.UserCredentialsValidator,ServiceConfiguratorDataSource" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
這裏的ServiceReferences.ClientConfig
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IService">
<security authenticationMode="UserNameOverTransport" includeTimestamp="true">
<secureConversationBootstrap />
</security>
<binaryMessageEncoding />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://my.server:8099/ServiceConfiguratorDataSource/Service.svc" binding="customBinding" bindingConfiguration="CustomBinding_IService" contract="WCFDataProvider.IService" name="CustomBinding_IService" />
</client>
</system.serviceModel>
</configuration>
我的想法可能是什麼原因的問題。
由於提前,
弗蘭克
你是我的英雄!隨着clientaccesspolicy.xml的變化,它工作!有趣的是,我需要允許http,即使我沒有在我的請求中使用它,但只有https選項,我仍然有安全錯誤!我會在下面發佈我的工作clientaccesspolicy.xml,也許別人會有同樣的問題。 – Aaginor 2010-11-03 14:00:35