How to enable HTTPS on WCF RESTful Service?

2020-05-20 08:24发布

问题:

How to make wcf to work over https. I want to use this wcf over https i have searched many articles i didn't get the answer please help iam new to wcf concepts. I want to call it from ajax,jquery

 <system.serviceModel >
<services>
  <service
    name="WcfRestfulService.HttpService" behaviorConfiguration="ServiceBehaviour" >
    <endpoint address="" binding="webHttpBinding" behaviorConfiguration="web"
              contract="WcfRestfulService.IHttpService">
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

回答1:

It appears you are building a RESTful Service with WCF and you are really close to securing it.

Here is what you need to do to secure it:

  1. Add a new WebHttpBinding configuration that has security mode set to Transport.
  2. Assign that new WebHttpBinding configuration to the your Service Endpoint binding.
  3. Make sure that your RESTful service can only be accessed via HTTPS by setting httpGetEnabled="false".
  4. Set up the metadata publishing endpoint to use HTTPS.

These changes are all summed up below in the revised configuration file (see comments for points that changed). Also note that your Service Endpoint must be using the HTTPS scheme and not HTTP.

<system.serviceModel >
  <services>
     <service name="WcfRestfulService.HttpService"
              behaviorConfiguration="ServiceBehaviour" >
         <endpoint address="" 
                   binding="webHttpBinding"
                   <!-- Add reference to secure WebHttpBinding config -->
                   bindingConfiguration="webHttpTransportSecurity"
                   behaviorConfiguration="web"
                   contract="WcfRestfulService.IHttpService" />
         <!-- Need to make sure that our metadata 
              publishing endpoint is using HTTPS as well -->
         <endpoint address="mex"
                   binding="mexHttpsBinding"
                   contract="IMetadataExchange" />
     </service>
  </services>
  <!-- Add secure WebHttpBinding config -->
  <bindings>
     <webHttpBinding>
        <binding name="webHttpTransportSecurity">
           <security mode="Transport" />
         </binding>
      </webHttpBinding>
  </bindings>
  <behaviors>
      <serviceBehaviors>
         <behavior name="ServiceBehaviour">
             <serviceMetadata httpsGetEnabled="true"
                              <!-- Make sure the service can 
                                 be accessed only via HTTPS -->
                              httpGetEnabled="false"/>
             <serviceDebug includeExceptionDetailInFaults="false"/>
         </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
         <behavior name="web">
             <webHttp/>
         </behavior>
      </endpointBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>


回答2:

You need to set security mode="Transport" in the binding

  <basicHttpBinding>
    <binding name="secureHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </basicHttpBinding>

Read more on MSDN



回答3:

I had the same problem, but wanted to test HTTP get requests, as my services are internal.

Remember to also make the HTTPS Get Enabled. httpsGetEnabled="true"

My config is below as an example:

   <bindings >
      <basicHttpBinding>
        <binding name="secureHttpBinding" >
          <security mode="Transport" />
        </binding>
   </bindings>
    .....
    <behaviors>
      <serviceBehaviors>
        <behavior >
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
       </serviceBehaviors>
     </behaviors>


标签: c# wcf rest ssl