问题
How do you secure a Silverlight-Enabled WCF Web Service with SSL? I have tried setting it up similar to a regular WCF service secured by SSL, but it doesn't seem to work. What do you set in the Web.Config, and what do you set in the Silverlight's ServiceReferences.ClientConfig?
I noticed that in the ServiceReferences.ClientConfig file of the Silverlight client app that the "Binding" tag only allows basicHttpBinding and NOT wsHttpBinding. Does this mean that you can not secure a Silverlight-Enabled WCF Service? If so are there better approaches to securing it?
回答1:
There are three key places that I configure to use https in my own apps.
Web.config
In the behavior tag include this line:
<serviceMetadata httpsGetEnabled="true"/>
For the MEX endpoint, make sure you use the https protocol:
<endpoint address="mex" binding="mexHttpsBinding"
contract="IMetadataExchange" />
Create a custom binding. The important part is the transport security:
<basicHttpBinding>
<binding name="myServicesBinding">
<security mode="Transport"/>
</binding>
</basicHttpBinding>
You can also include the usual authorization stuff:
<authorization>
<allow users="?"/>
<deny users="*"/>
</authorization>
Silverlight
On the Silverlight end, either point the ServiceReference at the now secure service, or set up the connections manually in code. the ServiceReferences.ClientConfig file should have the security stuff in it:
<security mode="Transport"/>
And the code version looks like this:
BasicHttpBinding b = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
There are probably more complex things that can be done, but this should be good enough for most people.
回答2:
in the ServiceReferences.ClientConfig file of the Silverlight client app that the "Binding" tag only allows basicHttpBinding and NOT wsHttpBinding. Does this mean that you can not secure a Silverlight-Enabled WCF Service?
No, it doesn't mean that. You can have a basicHttpBinding and still assign transport-level security (HTTPS with SSL) to it. That shouldn't be a problem.
Marc
PS: Many one of those links gives you more insight and the proverbial "AHA!" :-)
- http://winterdom.com/2007/11/basichttpbindingwithtransportsecurity
- http://silverlight.net/forums/p/13275/44170.aspx
- http://kevindockx.blogspot.com/2009/02/username-authentication-with.html
- http://www.pixel73.com/blog/Default.aspx?g=posts&t=4173
- http://community.irritatedvowel.com/blogs/pete_browns_blog/archive/2008/03/19/WCF-Integration-in-Silverlight-2-Beta-1.aspx
- http://geekswithblogs.net/scottthompson/archive/2009/03/25/setting-up-ssl-between-silverlight-and-wcf-under-iis7.aspx
回答3:
To create Silverlight-Enabled WCF Web Service using SSL you have to do the following steps:
- Create standard Silverlight-Enabled WCF Web Service using Visual Studio 2010
Change 3 places of webconfig.xml:
a. In serviceMetadata change httpGetEnabled to httpsGetEnabled like this:
<behaviors > <serviceBehaviors > <behavior name="" > <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors>b. In binding change httpTransport to httpsTransport:
<bindings> <customBinding> <binding name="Project.Web.YourService.customBinding0"> <binaryMessageEncoding/> <httpsTransport/> </binding> </customBinding> </bindings>c. in endpoint change binding="mexHttpBinding" to binding="mexHttpsBinding":
<service name="Project.Web.YourService.YourService"> <endpoint address="" binding="customBinding" bindingConfiguration="Project.Web.YourService.customBinding0" contract="Project.Web.YourService.YourService" /> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" /> </service>Don't use ServiceReferences.ClientConfig. Create everything in code behind - it's easy to deploy on server:
CustomBinding binding = new CustomBinding(new BinaryMessageEncodingBindingElement(), new HttpsTransportBindingElement()); YourServiceReference.YourServiceClient service = new YourServiceReference.YourServiceClient (binding, new EndpointAddress(new Uri( "https:yourhostname/YourService.svc").AbsoluteUri)); service.YourMethodCompleted += new EventHandler<YourServiceReference.YourMethodCompleted EventArgs>(service_YourMethodCompleted ); service.YourMethodAsync();
回答4:
WS* is not supported in Silverlight - basically change the URL in the client config to be an https:// url - that's all you can do
来源:https://stackoverflow.com/questions/842415/how-to-secure-a-silverlight-enabled-wcf-web-service-with-ssl