问题描述
你好
我们的环境是WCF服务托管在负载均衡器后面的IIS框(F5框)上. F5框使用SSL,而IIS框不使用SSL.
Our environment is such that WCF service is hosted on an IIS box behind a load balancer (F5 box). The F5 box uses SSL whereas the IIS box doesn't use SSL.
该服务通过myservice.svc在名为myservicevirdir的虚拟目录中公开
The service is exposed through myservice.svc in a virtual directory called myservicevirdir
该服务使用没有安全性的basicHttpbinding.
The service uses basicHttpbinding with no security.
客户端计算机的app.config指定端点如下:
The client machine's app.config specifies endpoint as follows:
https://virtualhostname/myservicevirdir/myservice.svc
请注意,virtualhostname指向F5框,而不是IIS框.
Note that virtualhostname is pointing to the F5 box and not to the IIS box.
我使这种情况起作用的唯一方法是通过指定securitymode ="Transport".即使在IIS框中的WCF服务没有安全性,也可以在客户端进行操作.
The only way I have gotten this scenario to work is by specifying securitymode="Transport" on the client side eventhough the WCF service on the IIS box has no security.
无论如何,我遇到的问题是,当wcf服务使用securitymode时,这种在客户端指定securitymode = Transport的方法=如果我使用wsHttpBinding,则没有任何作用.而且我需要使用wsHttpBinding进行交易.
Anyways, the problem I am running into is that this approach of specifying securitymode=Transport on the client side when the wcf service uses securitymode=None doesnt work if i use the wsHttpBinding. And I need to use the wsHttpBinding for transactions.
这是服务器web.config:
Here is the server web.config:
< system.serviceModel>
< services>
< service behaviorConfiguration ="credentialConfig"名称="X.X.X.MyService"; >
.< endpoint address =""
绑定="basicHttpBinding";
绑定属性="basicHttpBindingForMyService";
合约="X.X.X.IMyService"/>
</service>
</services>
< bindings>
< basicHttpBinding>
< binding name ="basicHttpBindingForMyService'' closeTimeout ="02:00:00"; maxBufferPoolSize ="10000000"; maxBufferSize ="1000000000"; maxReceivedMessageSize ="1000000000"; openTimeout ="02:00:00"; receiveTimeout ="02:00:00"; sendTimeout ="02:00:00"; transferMode =缓冲的".
</binding>
</basicHttpBinding>
</bindings>
< behaviors>
< serviceBehaviors>
< behavior name ="credentialConfig">
< serviceMetadata httpGetEnabled =真"/>
< serviceDebug includeExceptionDetailInFaults ="true"/>
< dataContractSerializer maxItemsInObjectGraph =" 1000000000" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.serviceModel>
<services>
<service behaviorConfiguration="credentialConfig" name="X.X.X.MyService" >
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="basicHttpBindingForMyService"
contract="X.X.X.IMyService"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingForMyService" closeTimeout="02:00:00" maxBufferPoolSize="10000000" maxBufferSize="1000000000" maxReceivedMessageSize="1000000000" openTimeout="02:00:00" receiveTimeout="02:00:00" sendTimeout="02:00:00" transferMode="Buffered">
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="credentialConfig">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
客户端的app.config:
Client's app.config:
< system.serviceModel >
<system.serviceModel>
< basicHttpBinding >
<basicHttpBinding>
< 绑定 名称 = " basicHttpBinding_IMyService " closeTimeout = " 02:00:00 " maxBufferPoolSize = " 100000000 " maxBufferSize = " 1000000000 " maxReceivedMessageSize = " 1000000000 " openTimeout = " 02:00:00 " receiveTimeout = " 02:00:00 " sendTimeout = " 02:00:00 " transferMode = " 已缓冲 " >
<binding name="basicHttpBinding_IMyService" closeTimeout="02:00:00" maxBufferPoolSize="100000000" maxBufferSize="1000000000" maxReceivedMessageSize="1000000000" openTimeout="02:00:00" receiveTimeout="02:00:00" sendTimeout="02:00:00" transferMode="Buffered">
< readerQuotas maxStringContentLength = " 1000000000 " maxArrayLength = " 1000000 " maxBytesPerRead = " 1000000 " maxNameTableCharCount = " 1000000 " maxDepth = " 1000000 " />
<readerQuotas maxStringContentLength="1000000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" maxDepth="1000000"/>
< 安全性 模式 = " 运输 " ></ 安全性 >
<security mode="Transport"></security>
</ 绑定 >
</binding>
</ basicHttpBinding >
</basicHttpBinding>
</ 绑定 >
</bindings>
< 客户端 >
< 端点 地址 = https://virtualhostname/myservicevirdir /myservice.svc 绑定 = "基本 HttpBinding " bindingConfiguration = " basicHttpBinding_IMyService " ; contr行为 = " XXXIMyService " 名称 = " myendpoint1 ""; >
<endpoint address=https://virtualhostname/myservicevirdir/myservice.svc binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IMyService" contract="X.X.X.IMyService" name="myendpoint1">
</ 端点 >
</endpoint>
</ 客户端 >
</client>
</ system.serviceModel >
</system.serviceModel>
推荐答案
这篇关于负载均衡器后面的WCF服务(F5框)-安全问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!