如何解决将HTTPS绑定添加到IIS后,具有Windows身份验证的WCF SOAP Web服务停止工作
我看到了奇怪的行为。当我将HTTPS绑定添加到IIS时,我的Web服务停止工作。无论我是否通过以“ http://”或“ https://”开头的URL使用我的服务,都会发生这种情况。
我的服务中的错误消息
主机上配置的身份验证方案 ('IntegratedWindowsAuthentication')不允许在 绑定“ BasicHttpsBinding”(“匿名”)。请确保 SecurityMode设置为Transport或TransportCredentialOnly。 此外,这可以通过更改身份验证来解决 通过IIS管理工具针对该应用程序的方案 ServiceHost.Authentication.AuthenticationSchemes属性中的 应用程序配置文件位于 元素,通过更新绑定上的ClientCredentialType属性, 或通过调整上的AuthenticationScheme属性 HttpTransportBindingElement。
我在IIS中添加的HTTPS绑定
在IIS中对我的服务进行身份验证
我的服务的web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes,set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging,set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
问题
- 此错误的原因是什么?
- 如何避免这种紧密耦合?
解决方法
默认情况下,似乎IIS假定具有匿名身份验证的basicHttpsBinding。我通过在我已经存在的无名basicHttpBinding下面添加一个带有Windows身份验证的basicHttpsBinding(再次无名,以使其覆盖默认值)来解决该问题。
<basicHttpsBinding>
<binding name="">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpsBinding>
为此,我使用了Visual Studio内置的WCF配置编辑器。如果有人想知道所有这些设置来自哪里:
- 无论IIS中是否存在HTTPS绑定,它现在都可以工作
- 我的服务现在也可以通过以“ http://”或“ https://”开头的URL进行工作
Microsoft应该为web.config赋予与IIS相同的结构,其中Authentication独立于绑定。如果他们将配置留给IIS,以免设置冲突,那就更好了。他们真的把球丢给了那个。
我的服务的新web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
<basicHttpsBinding>
<binding name="">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes,set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging,set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。