How can I use WCF with only basichttpbinding, SSL and Basic Authentication in IIS?

我只是一个虾纸丫 提交于 2019-11-26 15:27:49

问题


Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only BasicHttpBinding-binding? (I can’t use the wsHttpBinding-binding)

The site is hosted on IIS 7, with the following authentication set up:

   - Anonymous access: off
   - Basic authentication: on
   - Integrated Windows authentication: off !!

Service Config:

<services>
  <service name="NameSpace.SomeService">
    <host>
      <baseAddresses>
        <add baseAddress="https://hostname/SomeService/" />
      </baseAddresses>

    </host>
    <!-- Service Endpoints -->
    <endpoint address="" binding="basicHttpBinding"
              bindingNamespace="http://hostname/SomeMethodName/1"
              contract="NameSpace.ISomeInterfaceService"
              name="Default"
                      />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <exceptionShielding/>
    </behavior>
  </serviceBehaviors>
</behaviors>

I tried 2 types of bindings with two different errors:

1 - IIS Error: 'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].

<bindings>
  <basicHttpBinding>
    <binding>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic"/>
      </security>
    </binding>
  </basicHttpBinding>

</bindings>

2 - IIS Error: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

<bindings>
  <basicHttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Basic"/>
      </security>
    </binding>
  </basicHttpBinding>

</bindings>

Does somebody know how to configure this correctly? (if possible?)


回答1:


After some digging and asking some questions to a few colleagues, we finally solved the problem.

Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.

IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication. (Of course, create a windows account/group and set the permissions on your application in IIS.)

WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.

The binding configuration of the service:

<bindings>
  <basicHttpBinding>
     <binding>
        <security mode="Transport">
           <transport clientCredentialType="Basic" />
        </security>
     </binding>
  </basicHttpBinding>

And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.

Deleted:

<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>


来源:https://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-ii

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!