WebHttpBinding安全问题

Question

我已经创建了一个RESTful服务并实现了身份验证。它接受用户名和密码，然后授予对所请求服务的访问权限。它工作得很好。现在我想在我的服务之上使用SSL。为此，我创建了证书，然后在IIS中给出了所需的设置。但是我的服务不起作用。我正在使用webHttpBinding。

我在服务端的Web.Config是：

 <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
    <service  behaviorConfiguration="ServiceBehavior" name="TestAPI">
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost/AuthWithSSLTest/API/TestAPI.svc" />
        </baseAddresses>
      </host>
    <endpoint address="" behaviorConfiguration="RESTFriendly" bindingConfiguration="MywebHttpBinding"  binding="webHttpBinding" contract="ITestAPI" >
      </endpoint>
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service>
</services>
<client /><bindings>
  <webHttpBinding>
    <binding name="MywebHttpBinding">
      <security mode="Transport" >
       <transport clientCredentialType="Certificate"/>
      </security> 
    </binding>
  </webHttpBinding>     
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="RESTFriendly">
      <webHttp />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceCredentials>
        <clientCertificate>
          <authentication revocationMode="NoCheck" />
        </clientCertificate>
        <serviceCertificate findValue="CN=tempCertClient" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

在我的客户端app.config中，我有

<system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name="NewBehavior">
                <clientCredentials>
                    <clientCertificate findValue="CN=tempCertClient" storeLocation="LocalMachine" />
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <customBinding>
            <binding name="WebHttpBinding_ITestAPI">

              <httpTransport/>
            </binding>
        </customBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/AuthWithSSLTest/API/API.svc/TestMethod"
            behaviorConfiguration="NewBehavior" binding="customBinding"
            bindingConfiguration="WebHttpBinding_ITestAPI"
            contract="TestAPI.ITestAPI" name="WebHttpBinding_ITestAPI" />
    </client>
</system.serviceModel>

当我尝试运行客户端时，它显示提供的URI方案Https无效，需要http。

同样，当我尝试从VS2008调用Web Service时，它显示“找不到与具有绑定WebHttpBinding的端点的方案https匹配的基地址。已注册的基地址方案是http。”

如果我尝试从IIS运行web服务，它会显示“找不到与具有绑定WebHttpBinding的端点的方案http匹配的基地址。已注册的基地址方案是https。”

我试过用谷歌搜索，也试过所有建议的东西，但都没成功。请帮帮忙。

提前谢谢你，塔拉·辛格

Answer 1

在您的客户端配置中，尝试更改：

<httpTransport/>

至：

<httpsTransport/>