Restricting WCF configuration in code_问答_开发者

开发者 https://www.devze.com 2022-12-19 06:29 出处：网络

We would like to keep the WCF in the configuration file. At the same time we would like the code to refuse a request if the data will be sent over the net unencrypted. Something like: if the request

相关专题：security wcf

We would like to keep the WCF in the configuration file.

At the same time we would like the code to refuse a request if the data will be sent over the net unencrypted. Something like: if the request is basichttpbinding without https, throw exception.

Is there any way for the service code to know how it is being called?

EDIT

From the comments it looks like the question was not that clear.

What I am trying to do is "fix" the following situtaion: We开发者_StackOverflow install a service with basichttpBinding and https. Then a administrator changes it to not use https. The effect is that data is sent unencrypted over the net.

I'm not sure I understand what you want... are you talking about validating, on the service itself, how it is being called and reject some requests if they don't meet certain criteria?

I'm sure that can probably be done (at least certain things, like checking for SSL are more or less simple), but first I'd ask why, if you only want your service called over secure bindings, why you're exposing the service using unsecured ones in the first place. Doesn't it make more sense to ensure the service configuration is correct?

Are you self-hosting?? The most simplistic approach would be:

ServiceHost serviceHost = new ServiceHost(typeof(Service1), "http://localhost:1234/MyService/xml");

foreach (ServiceEndpoint sep in serviceHost.Description.Endpoints)
{
    if(sep.Binding.Scheme != "https")
    {
       // either just remove that endpoint, or signal an error
    }
}

Of course, when you host in IIS, this gets a bit trickier... you might have to create your own custom ServiceHost descendant to do this check, and make sure your IIS based *.svc files use that custom host. Of course, a smart admin might be able to trick that by using the base ServiceHost instead of your own custom host class......

I don't have an example for you, but keep in mind that anything you can do through configuration with WCF, you can do in code. You don't even need to have a configuration file.