问题
Is it possible to configure a WCF service that:
- is hosted by IIS
- uses the
basicHttpBindingbinding - does not need an SSL cert
- supports sessions (
ServiceContract(SessionMode:=ServiceModel.SessionMode.Required))
I know the easiest thing to do would be to buy an SSL cert, but for reasons beyond my control I am being required to match the 4 constraints above.
thanks,
Tom
回答1:
Tell your boss that basicHttpBinding supports real security only when using with SSL certificate (otherwise all data are passed as a plain text) and it doesn't support WCF sessions out of the box. WCF session is dependent on either:
- Transport session (only netTcp or netNamedPipe bindings)
- Reliable session (only netTcp, wsHttp or custom bindings)
- Security session (only wsHttp or custom bindings and it requires either windows authentication or SSL certificate)
Sessions can be probably added by building your own service behavior and replacing IInstaceContextProvider and perhaps also IInstanceProvider.
来源:https://stackoverflow.com/questions/6736172/how-do-i-secure-a-wcf-service-hosted-in-iis-using-basichttp-binding-and-no-ss