How to secure webHttpBinding?

2019-04-06 10:15发布

站内问答 / 前沿技术
1278 2 5

In my WCF service I am trying to to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using wsHttpBinding with a security mode of Transport. Why is webHttpBinding not able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?

Essentially what is the difference between webHttpBinding and wsHttpBinding? 

<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>

  <endpointBehaviors>
    <behavior name="EndpBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>
</behaviors>

<services>
  <service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService">

    <endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" />

    <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />   
  </service>
</services>

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

2条回答
在下西门庆
2楼-- · 2019-04-06 10:48

I think this article will solve your problem. Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL

查看更多
0人赞 添加讨论(0) 举报
兄弟一词,经得起流年.
3楼-- · 2019-04-06 10:52

The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html is this:

<bindings>
  <webHttpBinding>
    <binding>
      <security mode="Transport" />
    </binding>
  </webHttpBinding>
</bindings>

but also remove exposing metadata if desired.

the details are documented in msdn here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx

the relevant parts are:

Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the transport of webHttpBinding.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)