使用 Azure ACS 进行 WCF 身份验证增加 MaxReceivedMessageSize

Question

我有一个authenticates via Azure ACS 的 WCF 服务，它运行良好，只是当我将大文件上传到它时，我得到 "(413) Request Entity Too Large"

很明显我需要增加MaxReceivedMessageSize，但是，我的绑定类型不是WSHttpBinding，而是IssuedTokenWSTrustBinding，所以没有公开这个属性，我想我不完全理解HTTP绑定的方式在下面的代码中创建。是否可以以某种方式在我的绑定上配置 MaxReceivedMessageSize？

    public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
    {
        string acsUsernameEndpoint = String.Format("https://{0}.{1}/v2/wstrust/13/username", ACSServiceNamespace, AcsHostUrl);
        ServiceHost rpHost = new ServiceHost(typeof(DataTransferService));
        rpHost.Credentials.ServiceCertificate.Certificate = GetServiceCertificateWithPrivateKey();
        rpHost.AddServiceEndpoint(typeof(IUploadService),
                                   Bindings.CreateServiceBinding(acsUsernameEndpoint),
                                   new Uri(ServiceAddress));

        // Windows Identity Foundation token handlers can pick up the relevant settings.
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        // FederatedServiceCredentials.ConfigureServiceHost etc...
        return rpHost;
    }

    public static class Bindings
    {
        public static Binding CreateServiceBinding(string acsUsernameEndpoint)
        {
            return new IssuedTokenWSTrustBinding(CreateAcsUsernameBinding(), new EndpointAddress(acsUsernameEndpoint));
        }

        public static Binding CreateAcsUsernameBinding()
        {
            return new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        }
    }

Answer 1

已解决！ 由于我没有明确定义我的端点，因此应该可以在 .Net 4+ 的“默认”端点上设置 ReaderQuotas 和 MaxReceivedMessageSize 等，但不命名它们，这不起作用。

最后我设法通过创建一个覆盖CreateBindingElements()的新绑定类来更改绑定上的ReaderQuotas和MaxReceivedMessageSize，这个新类采用IssuedTokenWSTrustBinding的绑定并调用它的CreateBindingElements()创建其绑定组件的克隆，然后允许我调整设置。我留下了一个完全基于代码的 WCF 配置，不确定我是否喜欢 .clone() - 可能有更雄辩的解决方案。

private class LargeTransportBinding : Binding
{
    Binding originalBinding;

    public LargeTransportBinding(Binding sourceBinding)
    {
        originalBinding = sourceBinding;
    }

    public override BindingElementCollection CreateBindingElements()
    {
        // Copy
        BindingElementCollection modifiedBindingElementCollection = originalBinding.CreateBindingElements().Clone();

        // Tweak Reader Quoters and max buffer sizes
        TextMessageEncodingBindingElement encoding = (TextMessageEncodingBindingElement)modifiedBindingElementCollection[1];
        encoding.ReaderQuotas.MaxArrayLength = int.MaxValue;
        encoding.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
        encoding.ReaderQuotas.MaxStringContentLength = int.MaxValue;

        HttpTransportBindingElement transport = (HttpTransportBindingElement)modifiedBindingElementCollection[2];
        transport.MaxBufferPoolSize = int.MaxValue;
        transport.MaxBufferSize = int.MaxValue;
        transport.MaxReceivedMessageSize = int.MaxValue;

        return modifiedBindingElementCollection;
    }

    public override string Scheme
    {
        get { return originalBinding.Scheme; }
    }
}

并按如下方式调用它：

    var binding =  Bindings.CreateServiceBinding(acsUsernameEndpoint);
    rpHost.AddServiceEndpoint(typeof(IUploadService),
                     new LargeTransportBinding(binding),
                     new Uri(ServiceAddress));

记住将 Int.MaxValue 减少到更现实的值，以减少 DoS 攻击的机会。我希望这可以节省我不得不花费大量时间在互联网上解决这个问题的时间。

对于 IIS 7，这在 web.config 中也是必需的：

  <system.web>
    <httpRuntime maxRequestLength="10240" />
  </system.web>