WCF service behind a load balancer (F5 box) - security issue

Problem description

Hello,

Our environment is such that WCF service is hosted on an IIS box behind a load balancer (F5 box). The F5 box uses SSL whereas the IIS box doesn't use SSL.

The service is exposed through myservice.svc in a virtual directory called myservicevirdir

The service uses basicHttpBinding with no security.

The client machine's app.config specifies endpoint as follows:

https://virtualhostname/myservicevirdir/myservice.svc

Note that virtualhostname is pointing to the F5 box and not to the IIS box.

The only way I have gotten this scenario to work is by specifying securitymode="Transport" on the client side even though the WCF service on the IIS box has no security.

Anyways, the problem I am running into is that this approach of specifying securitymode=Transport on the client side when the WCF service uses securitymode=None doesn't work if I use the wsHttpBinding. And I need to use the wsHttpBinding for transactions.

Here is the server web.config:

<system.serviceModel>
  <services>
    <service behaviorConfiguration="credentialConfig" name="X.X.X.MyService">
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="basicHttpBindingForMyService"
                contract="X.X.X.IMyService"/>
    </service>
  </services>
  <bindings>
    <basicHttpBinding>
      <binding name="basicHttpBindingForMyService" closeTimeout="02:00:00" maxBufferPoolSize="10000000" maxBufferSize="1000000000" maxReceivedMessageSize="1000000000" openTimeout="02:00:00" receiveTimeout="02:00:00" sendTimeout="02:00:00" transferMode="Buffered">
      </binding>
    </basicHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="credentialConfig">
        <serviceMetadata httpGetEnabled="True"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <dataContractSerializer maxItemsInObjectGraph="1000000000"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

Client's app.config:

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="basicHttpBinding_IMyService" closeTimeout="02:00:00" maxBufferPoolSize="100000000" maxBufferSize="1000000000" maxReceivedMessageSize="1000000000" openTimeout="02:00:00" receiveTimeout="02:00:00" sendTimeout="02:00:00" transferMode="Buffered">
        <readerQuotas maxStringContentLength="1000000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" maxDepth="1000000"/>
        <!-- HTTPS from the client to the F5 box; the service on the IIS box has no security -->
        <security mode="Transport"></security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <client>
    <!-- virtualhostname points to the F5 box, not to the IIS box -->
    <endpoint address="https://virtualhostname/myservicevirdir/myservice.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IMyService" contract="X.X.X.IMyService" name="myendpoint1">
    </endpoint>
  </client>
</system.serviceModel>
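As an added example (not part of the original question and not WCF tooling), the following Python script audits configs like the two posted above. It resolves each binding's effective security mode, checks that a client endpoint's address scheme agrees with it (WCF expects an https address for Transport mode and an http address for None), and flags the debug, metadata and quota settings visible in the server config. The function name, the finding texts and the 64 MiB threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
# Constructed samples, trimmed from the two configs posted in the question.
SERVER = """<system.serviceModel><bindings><basicHttpBinding>
  <binding name="basicHttpBindingForMyService" maxReceivedMessageSize="1000000000"/>
</basicHttpBinding></bindings>
<behaviors><serviceBehaviors><behavior name="credentialConfig">
  <serviceMetadata httpGetEnabled="True"/>
  <serviceDebug includeExceptionDetailInFaults="true"/>
</behavior></serviceBehaviors></behaviors></system.serviceModel>"""
CLIENT = """<system.serviceModel><bindings><basicHttpBinding>
  <binding name="basicHttpBinding_IMyService"><security mode="Transport"/></binding>
</basicHttpBinding></bindings>
<client><endpoint name="myendpoint1" binding="basicHttpBinding"
  address="https://virtualhostname/myservicevirdir/myservice.svc"
  bindingConfiguration="basicHttpBinding_IMyService"/></client></system.serviceModel>"""

DEFAULT_MODE = {"basicHttpBinding": "None", "wsHttpBinding": "Message"}  # WCF defaults
HTTPS_MODES = {"Transport", "TransportWithMessageCredential"}  # modes that need https://
MAX_MESSAGE_BYTES = 64 * 1024 * 1024  # review threshold assumed for this example
BEHAVIOR_FLAGS = (
    ("serviceDebug", "includeExceptionDetailInFaults", "exception details returned to callers"),
    ("serviceMetadata", "httpGetEnabled", "WSDL served over HTTP GET"),
)

def audit(config_xml):
    """Return a list of findings for one <system.serviceModel> section."""
    root = ET.fromstring(config_xml)
    modes, findings = {}, []
    for kind in root.iterfind(".//bindings/*"):
        for b in kind.iterfind("binding"):
            sec = b.find("security")
            mode = (sec.get("mode") if sec is not None else None) or DEFAULT_MODE.get(kind.tag)
            modes[b.get("name")] = mode
            if mode == "None":
                findings.append(f"{b.get('name')}: security mode None, no TLS on this hop")
            if int(b.get("maxReceivedMessageSize", "65536")) > MAX_MESSAGE_BYTES:
                findings.append(f"{b.get('name')}: maxReceivedMessageSize exceeds review threshold")
    for ep in root.iterfind(".//client/endpoint"):
        # The address scheme must agree with the binding's security mode.
        mode = modes.get(ep.get("bindingConfiguration")) or DEFAULT_MODE.get(ep.get("binding"))
        is_https = urlparse(ep.get("address", "")).scheme == "https"
        if mode and is_https != (mode in HTTPS_MODES):
            findings.append(f"{ep.get('name')}: address scheme does not match security mode {mode}")
    for tag, attr, note in BEHAVIOR_FLAGS:
        el = root.find(f".//{tag}")
        if el is not None and el.get(attr, "").lower() == "true":
            findings.append(f"{tag}: {note}")
    return findings
```

Run against the posted client config, `audit` returns no findings, which matches the poster's observation that the https endpoint only works with Transport mode on the client.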

Recommended answer


10-24 01:45