I've created a self-hosted WCF service with HTTPS/SSL, transport security and Basic authentication. For some reason, when I run the service in the browser it never asks for credentials. What's wrong?
Service configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="WsHttpTest.GreetingServiceBehavior">
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WsHttpTest.GreetingServiceBehavior" name="WsHttpTest.GreetingService">
<host>
<baseAddresses>
<add baseAddress="https://localhost:8555/WsHttpTest/Greeting" />
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WsHttpTest.IGreetingService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
</configuration>
HTTP config:
C:\>httpcfg query ssl
IP : 0.0.0.0:8555
Hash 开发者_Go百科 : 14ae237add3c49 a5091367487563cf6f6a8f586
Guid : {9416496a-6d3e-4680-a9d1-03defd97d7d6}
CertStoreName : MY
CertCheckMode : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout : 0
SslCtlIdentifier :
SslCtlStoreName :
Flags : 0
------------------------------------------------------------------------------
C:\>httpcfg query urlacl
URL : https://localhost:8555/WsHttpTest/Greeting/
ACL : D:(A;;GX;;;WD)
------------------------------------------------------------------------------
The configuration of wsHttpBinding
is used only if you communicate with the endpoint = you create the proxy and call operation exposed on service contract. When opening the service's help page you don't communicate with the endpoint.
ServiceMetadataBehavior
also offers two additional properties HttpsHelpPageBinding
and HttpsHelpPageBindingConfiguration
. Perhaps if you play with these properties and configure some custom binding (must be custom because it requires MessageVersion.None
) for them you will be able to force help page to require authentication as well but I have never tried it.
I would start with something like:
<bindings>
<cutstomBinding>
<binding name="helpPage">
<textMessageEncoding messageVersion="None" />
<httpsTransport authenticationScheme="Basic" />
</binding>
</customBinding>
</bindings>
精彩评论