webHttpBinding WCF 服务通过 HTTP 而不是 HTTPS 响应

Question

我正在我的机器上开发 WCF restfull 服务，当我点击 HTTP 服务端点时，服务按预期响应。但是，当我点击 HTTPS 端点时，我得到一个 404 Not Found 返回。

Https 调用不会触发已实现为serviceAuthorizationManagerType 的CustomAuthorizationManager

知道为什么这不起作用吗？为什么基地址是 HTTPS 时允许 HTTP 流量？

HTTP 响应

HTTPS 响应

Web.config

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="TransportCredentialOnly">
            <!--Basic authentication is NOT supported when running webHttpBinding through IIS
            see - http://blogs.msdn.com/b/phenning/archive/2008/01/11/custom-usernamepassword-validators-in-net-framework-3-5.aspx
            and a resolution - http://allen-conway-dotnet.blogspot.co.uk/2012/07/using-basic-authentication-in-rest.html-->
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="restfulBehavior" name="Chubb.SurveyRecommendations.Service.SurveyRecommendationsService">
        <!--webHttpBinding allows exposing service methods in a RESTful manner-->
        <endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpTransportSecurity" behaviorConfiguration="webHttpBehavior" contract="Chubb.SurveyRecommendations.Service.ISurveyRecommendations"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:44300/"/>
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="restfulBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceAuthorization serviceAuthorizationManagerType="Chubb.SurveyRecommendations.Service.Security.CustomAuthorizationManager, Chubb.SurveyRecommendations.Service"/>
        </behavior>
      </serviceBehaviors>
      <!--Required default endpoint behavior when using webHttpBinding-->
      <endpointBehaviors>
        <behavior name="webHttpBehavior">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>

合同

    [OperationContract]
    [WebGet(UriTemplate = "Echo/{value}", BodyStyle = WebMessageBodyStyle.Bare, RequestFormat = WebMessageFormat.Xml, ResponseFormat = WebMessageFormat.Xml)]
    string Echo(string value);

服务

public class SurveyRecommendationsService : ISurveyRecommendations
{
    public string Echo(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            return string.Empty;

        return value;
    }
}

Answer 1

好的，问题出在绑定上。

security mode="TransportCredentialOnly" 被指定，它不提供完整的传输 (HTTPS) 安全。

我将值改回security mode="Transport"，它按预期工作。

详情可见this MSDN article

无 - 表示 HTTP 请求不使用安全性。

Transport - 表示传输级别的安全性与 HTTP 一起使用 请求。

TransportCredentialOnly - 表示只有基于 HTTP 的客户端 提供身份验证。