WCF 服务的 basicHttpBinding 上的 HTTPS

Question

我使用的是 IIS 7。HTTPS 绑定在其上启用了端口号 443。我在网站下有一个 WCF 服务作为应用程序。我正在尝试基于http://msdn.microsoft.com/en-us/library/ms729700.aspx 向服务（使用basicHttpBinding）引入HTTPS 安全性

我收到以下错误 - “提供的 URI 方案 'https' 无效；预期'http'。”。当我检查事件日志时，它的堆栈跟踪如下：

Stack Trace :    at System.ServiceModel.Channels.TransportChannelFactory`1.ValidateScheme(Uri via)

at System.ServiceModel.Channels.HttpChannelFactory.ValidateCreateChannelParameters(EndpointAddress remoteAddress, Uri via)

需要进行哪些更改才能使用 basicHttpBinding 在 HTTPS 上工作？

注意：证书是使用 IIS 7 中的“创建自签名证书”创建的。

 <system.serviceModel>

  <behaviors>
<serviceBehaviors>
  <behavior name="serviceFaultBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true"/>
  </behavior>
</serviceBehaviors>
  </behaviors>

  <services>
<service name="Business.TV.Clearance.Services.ServiceHandler"
         behaviorConfiguration="serviceFaultBehavior">
  <endpoint address=""
            binding="basicHttpBinding"
            contract="Business.TV.Clearance.Services.IServiceHandler"
            bindingConfiguration="httpBinding">
    <identity>
      <dns value="localhost" />
    </identity>
  </endpoint>
</service>

  <bindings>
<basicHttpBinding>

  <binding name="httpBinding"
           maxReceivedMessageSize="2000000"
           maxBufferSize="2000000">

    <security mode="Transport">
      <transport clientCredentialType="Windows" />
    </security>


    <readerQuotas maxDepth="2147483647"
                  maxStringContentLength="2147483647"
                  maxArrayLength="2147483647" />
  </binding>
</basicHttpBinding>
  </bindings>

   <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

   <extensions>
 <behaviorExtensions>
  <add name="serviceFaultBehavior"
type="Business.TV.Clearance.Services.ServiceFaultBehaviorExtensionElement,Business.TV.Clearance.Services, Version=1.0.0.0, Culture=neutral"/>
</behaviorExtensions>
  </extensions>

</system.serviceModel>

Answer 1

你需要改变：

<serviceMetadata httpGetEnabled="true" />

到：

<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />

Answer 2

请尝试如下图：

<service name="UserNameWithoutSSL.UsernameWithSSLService" behaviorConfiguration="TransportWithSecurity">
  <endpoint address="" binding="basicHttpBinding" bindingConfiguration="usernameViaSSL" contract="UserNameWithoutSSL.IUsernameWithSSLService">
    <identity>
      <dns value="localhost"/>
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  <host>
    <baseAddresses>
      <add baseAddress="https://PCName/" />
    </baseAddresses>
  </host>
</service>

<basicHttpBinding>
  <binding name="usernameViaSSL">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName"/>
    </security>
  </binding>
</basicHttpBinding>

<serviceBehaviors>
  <behavior name="TransportWithSecurity">
    <serviceCredentials>
      <serviceCertificate findValue="localhost" storeLocation="LocalMachine"
        storeName="My" x509FindType="FindBySubjectName" />
      <userNameAuthentication userNamePasswordValidationMode="Windows" />
    </serviceCredentials>
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior>
</serviceBehaviors>

现在在虚拟目录上的 IIS 上，您需要映射 443 以接受 Https 流量并分配它需要用于保护传输层的证书。

Answer 3

请尝试替换以下内容，这应该可以。

原文：

<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>

替换为：

<security mode="Transport">
<transport clientCredentialType="None" />
</security>