2012-01-18 72 views
2

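I have a WCF service that uses message security over HTTPS, with wsHttpBinding, behind a load balancer. It works when I connect to the service over https from a web browser. However, the Windows Forms client fails when using a certificate over HTTPS: WCF transport security, wsHttpBinding, message security behind a load balancer.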

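Update

The requested URL is https, but the exception says http. Below is the exception trace on the server side:

For example, the request URL is

'https://www.server.com/wcf.svc'.

But it becomes

'http://www.server.com:81/wcf.svc' on the server side. Is the load balancer causing it?

System.ServiceModel.EndpointNotFoundException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

There was no channel actively listening at 'http://www.server.com:81/wcf.svc'. This is often caused by an incorrect address URI. Ensure that the address to which the message is sent matches an address on which a service is listening.

Below is the WCF service configuration: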

<system.serviceModel> 
    <diagnostics> 
     <messageLogging logEntireMessage="true" logMalformedMessages="true" 
       logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="false" /> 
    </diagnostics> 
    <services> 
     <service behaviorConfiguration="verServiceBehaviour" name="ver.Service"> 

     <endpoint address="ver" binding="wsHttpBinding" bindingConfiguration="wshttpbindingcfg"    
        contract="ver.Iver" behaviorConfiguration ="verEndpointBehaviour"> 
     </endpoint> 

     <endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="mexhttpbinding" contract="IMetadataExchange" /> 
     <host> 
      <baseAddresses> 
      <add baseAddress="https://www.server.com/" /> 
      </baseAddresses> 
     </host> 
     </service> 

    </services> 
    <bindings> 
     <mexHttpBinding> 
     <binding name="mexhttpbinding" /> 
     </mexHttpBinding> 
     <wsHttpBinding> 
     <binding name="wshttpbindingcfg" maxReceivedMessageSize="2000000000" sendTimeout="00:10:00"> 
      <readerQuotas maxStringContentLength="2000000000"/> 

      <reliableSession ordered="true" enabled="false" /> 

      <security mode="None"> 
         <transport clientCredentialType="None" proxyCredentialType="None" 
          realm="" /> 
         <message clientCredentialType="Certificate" negotiateServiceCredential="true" 
          algorithmSuite="Default" establishSecurityContext="false" /> 
        </security> 

     </binding> 
     </wsHttpBinding> 
    </bindings> 
    <behaviors> 
     <endpointBehaviors> 
     <behavior name="verEndpointBehaviour"> 
      <instanceContextBehavior/> 
      <verInspectorBehavior/> 
     </behavior> 
     </endpointBehaviors> 
     <serviceBehaviors> 
     <behavior name="verServiceBehaviour"> 
      <dataContractSerializer maxItemsInObjectGraph="100000000"/> 
      <serviceMetadata httpGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 

      <serviceCredentials> 
      <clientCertificate> 
       <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" trustedStoreLocation="LocalMachine" mapClientCertificateToWindowsAccount="false"/> 
      </clientCertificate> 

       <serviceCertificate 
       x509FindType="FindByThumbprint" 
       findValue="xxxx" 
       storeLocation="LocalMachine" 
       storeName="My"/> 

      </serviceCredentials> 

     </behavior> 


     </serviceBehaviors> 
    </behaviors> 

    </system.serviceModel> 

Below is the client configuration:

<configuration> 
    <appSettings> 
     <add key="CertificateSubjectName" value="subjectName"/> 
    </appSettings> 
    <system.serviceModel> 
     <bindings> 
      <wsHttpBinding> 
       <binding name="WSHttpBinding_ver.IverHTTPS" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" 
        allowCookies="false"> 
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 

        <security mode="TransportWithMessageCredential"> 
         <transport clientCredentialType="None" proxyCredentialType="None" 
          realm="" /> 
         <message clientCredentialType="Certificate" negotiateServiceCredential="true" 
          algorithmSuite="Default" establishSecurityContext="false" /> 

        </security> 
       </binding> 

      </wsHttpBinding> 
     </bindings> 
     <client> 
      <endpoint address="https://www.server.com/wcf.svc" 
       binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ver.IverHTTPS" 
       contract="ServiceReference.verIver" name="verEndPoint" /> 


     </client> 
    </system.serviceModel> 
</configuration> 

Below is the client code that uses the certificate:

var proxyClient = new ServiceReference.VerIVerClient("verEndPoint");

// Attach the client certificate used for the message credential.
proxyClient.ClientCredentials.ClientCertificate.SetCertificate(
    System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
    System.Security.Cryptography.X509Certificates.StoreName.My,
    System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
    "subjectName");

proxyClient.CallService();

Below is the exception received on the client:

System.ServiceModel.EndpointNotFoundException was unhandled 
    Message=There was no endpoint listening at https://ver20.server.com/wcf.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. 
    Source=mscorlib 
    StackTrace: 
    Server stack trace: 
     at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason) 
     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) 
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) 
     at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) 
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) 
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) 
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) 
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) 
    Exception rethrown at [0]: 
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) 
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) 
     at verClient.ServiceReference.verIver.GetClaimver(GetClaimverClaimApplication ClaimApplication) 
     at verClient.ServiceReference.verIverClient.GetClaimver(GetClaimverClaimApplication ClaimApplication) in D:\Projects\ver\verClient\Service References\ServiceReference\Reference.cs:line 11330 
     at verClient.verForm.PostXmlTover(GetClaimverClaimApplication ClaimApplication) in D:\Projects\ver\verClient\verForm.cs:line 1408 
     at verClient.verForm.PostButton_Click(Object sender, EventArgs e) in D:\Projects\ver\verClient\verForm.cs:line 34 
     at System.Windows.Forms.Control.OnClick(EventArgs e) 
     at System.Windows.Forms.Button.OnClick(EventArgs e) 
     at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) 
     at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) 
     at System.Windows.Forms.Control.WndProc(Message& m) 
     at System.Windows.Forms.ButtonBase.WndProc(Message& m) 
     at System.Windows.Forms.Button.WndProc(Message& m) 
     at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) 
     at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) 
     at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) 
     at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg) 
     at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData) 
     at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context) 
     at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context) 
     at System.Windows.Forms.Application.Run(Form mainForm) 
     at verClient.Program.Main() in D:\Projects\ver\verClient\Program.cs:line 18 
     at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) 
     at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) 
     at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() 
     at System.Threading.ThreadHelper.ThreadStart_Context(Object state) 
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) 
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) 
     at System.Threading.ThreadHelper.ThreadStart() 
    InnerException: System.Net.WebException 
     Message=The remote server returned an error: (404) Not Found. 
     Source=System 
     StackTrace: 
      at System.Net.HttpWebRequest.GetResponse() 
      at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) 
     InnerException: 

Answer

2

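Look at the configuration of your load balancer and make sure the requests are being forwarded to the correct host and port number. If the port number you chose is not the standard one, make sure you adjust the IIS site bindings and the base address of the service.

An important thing to understand about transport security is that it has to be configured on a hop-by-hop basis. In your example you have two hops: (client) -> (load balancer) and (load balancer) -> (server).

Securing the connection from the client to the load balancer does not automatically configure security from the load balancer to the server. You need to install and configure an SSL certificate on both the load balancer and the server.

Your initial https request ending up as an http request on the server is a good indication that you have not configured a secure channel between the load balancer and the server.

If you do not wish to secure the connection between the load balancer and the server, then expose your service without transport security. With that, you can still communicate between the client and the load balancer (the first hop) over SSL.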
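
The hop-by-hop point above, as an added example that is not part of the original question or answer: it compares the address the client called with the address in the server-side trace and reports what the load balancer changed on the second hop. The class and method names (`HopCheck`, `ExtractAddress`, `Compare`) are hypothetical, and the sample inputs are constructed from the addresses quoted in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

static class HopCheck
{
    // Pull the first http/https URL out of an exception message.
    public static Uri ExtractAddress(string message)
    {
        Match m = Regex.Match(message, @"https?://[^\s'""]+");
        Uri uri;
        return m.Success && Uri.TryCreate(m.Value, UriKind.Absolute, out uri) ? uri : null;
    }

    // Report what changed between the address the client called and the
    // address the service host saw after the load balancer forwarded it.
    public static List<string> Compare(Uri client, Uri server)
    {
        var findings = new List<string>();
        if (client.Scheme == Uri.UriSchemeHttps && server.Scheme == Uri.UriSchemeHttp)
            findings.Add("https -> http: TLS ends at the load balancer; the second hop is unencrypted");
        if (client.Port != server.Port)
            findings.Add("port " + client.Port + " -> " + server.Port +
                         ": IIS binding and base address must use the forwarded port");
        if (!string.Equals(client.Host, server.Host, StringComparison.OrdinalIgnoreCase))
            findings.Add("host " + client.Host + " -> " + server.Host);
        if (client.AbsolutePath != server.AbsolutePath)
            findings.Add("path " + client.AbsolutePath + " -> " + server.AbsolutePath);
        return findings;
    }

    static void Main()
    {
        // Constructed sample input, based on the addresses quoted in the question.
        var client = new Uri("https://www.server.com/wcf.svc");
        string serverTrace =
            "There was no channel actively listening at " +
            "'http://www.server.com:81/wcf.svc'. This is often caused by an incorrect address URI.";

        Uri server = ExtractAddress(serverTrace);
        if (server == null) { Console.WriteLine("no address found in trace"); return; }

        foreach (string finding in Compare(client, server))
            Console.WriteLine(finding);
    }
}
```

For the question's addresses this reports the scheme change and the port change from 443 to 81, which are the two things the answer says to check on the load balancer and in the IIS bindings.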