<behaviors>

  <serviceBehaviors>

    <behavior name="MyServiceBehavior">

      <serviceMetadata httpsGetEnabled="true" policyVersion="Policy15" />

      <serviceDebug includeExceptionDetailInFaults="true" />

      <serviceCredentials>

        <clientCertificate>

          <authentication customCertificateValidatorType="MyWS.Security.MyServicesCertificateValidator, MyWS"

            certificateValidationMode="Custom" revocationMode="NoCheck" />

        </clientCertificate>

        <userNameAuthentication userNamePasswordValidationMode="Custom"

          customUserNamePasswordValidatorType="MyWS.Security.MyServicesUsernameValidator, MyWS" />

      </serviceCredentials>

    </behavior>

  </serviceBehaviors>

</behaviors>

<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

<bindings>

  <basicHttpBinding>

    <binding name="MySoapBinding">

      <security mode="TransportWithMessageCredential">

        <transport clientCredentialType="Certificate" />

        <message clientCredentialType="UserName" />

      </security>

    </binding>

  </basicHttpBinding>

</bindings>

<services>

  <service behaviorConfiguration="MyServiceBehavior" name="MyWS.Services.TheService">

    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MySoapBinding" name="TheService" bindingNamespace="https://services.my/TheService" contract="MyWS.Interfaces.Service.ITheService" />

    <host>

      <baseAddresses>

        <add baseAddress="https://localhost:4434/MyWS/TheService"/>

      </baseAddresses>

    </host>

  </service>

</services>
private static Binding CreateMultiFactorAuthenticationBinding()

{

    var httpsTransport = new HttpsTransportBindingElement();

    // The message security binding element will be configured to require 2 tokens:

    // 1) A username-password encrypted with the service token

    // 2) A client certificate used to sign the message

    // Create symmetric security binding element with encrypted username-password token.

    // Symmetric key is encrypted with server certificate.

    var messageSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();

    messageSecurity.AllowInsecureTransport = false;

    // Require client certificate as endorsing supporting token for all requests from client to server

    var clientX509SupportingTokenParameters = new X509SecurityTokenParameters

                                                    {

                                                        InclusionMode =

                                                            SecurityTokenInclusionMode.AlwaysToRecipient

                                                    };

    messageSecurity.EndpointSupportingTokenParameters.Endorsing.Add(clientX509SupportingTokenParameters);

    return new CustomBinding(messageSecurity, httpsTransport);

}

//// Registering WCF-services

var returnFaults = new ServiceDebugBehavior {IncludeExceptionDetailInFaults = true};

var metaData = new ServiceMetadataBehavior {HttpsGetEnabled = true};

var serviceCredentials = new ServiceCredentials();

// Configure service sertificate

serviceCredentials.ServiceCertificate.SetCertificate(

    StoreLocation.LocalMachine,

    StoreName.My,

    X509FindType.FindBySubjectName,

    "ServerCertificate");

// Configure client certificate authentication mode

serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;

// Add custom username-password validator

serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode =

    UserNamePasswordValidationMode.Custom;

serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator =

    _container.Resolve<MyServicesUsernameValidator>();

// Add custom certificate validator

serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode =

    X509CertificateValidationMode.Custom;

serviceCredentials.ClientCertificate.Authentication.CustomCertificateValidator =

    _container.Resolve<MyServicesCertificateValidator>();

var serviceModel = new DefaultServiceModel();

serviceModel.AddEndpoints(

    WcfEndpoint.ForContract<IMyContract>().BoundTo(CreateMultiFactorAuthenticationBinding()));

serviceModel.BaseAddresses.Add(new Uri("https://server.com/MyServiceImplementation.svc"));

serviceModel.AddExtensions(serviceCredentials);

serviceModel.AddExtensions(metaData);

_container.AddFacility<WcfFacility>(f => f.CloseTimeout = TimeSpan.Zero)

    .Register(Component.For<IMyContract>()

                    .ImplementedBy<MyServiceImplementation>()

                    .AsWcfService(serviceModel),

                Component.For<IServiceBehavior>().Instance(returnFaults));

wcf 配置与代码创建的更多相关文章

  1. C#操作IIS程序池及站点的创建配置实现代码

    首先要对Microsoft.Web.Administration进行引用,它主要是用来操作IIS7: using System.DirectoryServices;using Microsoft.We ...

  2. WCF服务二:创建一个简单的WCF服务程序

    在本例中,我们将实现一个简单的计算服务,提供基本的加.减.乘.除运算,通过客户端和服务端运行在同一台机器上的不同进程实现. 一.新建WCF服务 1.新建一个空白解决方案,解决方案名称为"WC ...

  3. WCF 配置服务 (02)

    配置服务概述 • 在设计和实现服务协定后,即可配置服务. 在其中可以定义和自定义如何向客户端公开服务,包括指定可以找到服务的地址.服务用于发送和接收消息的传输和消息编码,以及服务需要的安全类型. • ...

  4. WCF学习第二篇:WCF 配置架构。这有助于对wcf配置的理解和记忆

    使用 Windows Communication Foundation (WCF) 配置元素,您可以配置 WCF 服务和客户端应用程序. 可以使用配置编辑器工具 (SvcConfigEditor.ex ...

  5. WCF配置详解

    前面一篇文章<WCF 学习总结1 -- 简单实例> 一股脑儿展示了几种WCF部署方式,其中配置文件(App.config/Web.config)都是IDE自动生成,省去了我们不少功夫.现在 ...

  6. 编写WCF服务时右击配置文件无“Edit WCF Configuration”(编辑 WCF 配置)远程的解决办法

    原文:编写WCF服务时右击配置文件无“Edit WCF Configuration”远程的解决办法 今天在看<WCF揭秘>书中看到作者提出可以在一个WCF Host应用程序的App.Con ...

  7. iOS UICollectionView(转一) XIB+纯代码创建:cell,头脚视图 cell间距

    之前用CollectionViewController只是皮毛,一些iOS从入门到精通的书上也是泛泛而谈.这几天好好的搞了搞苹果的开发文档上CollectionViewController的内容,亲身 ...

  8. Spring Boot 使用Java代码创建Bean并注册到Spring中

    版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/catoop/article/details/50558333 声明同一个类下的多个实例: packa ...

  9. WCF 4.0 如何编程修改wcf配置,不使用web.config静态配置

    How to programmatically modify WCF without web.config setting WCF 4.0 如何编程修改wcf配置,不使用web.config静态配置 ...

随机推荐

  1. 计算机网络c++实现截断二进制指数退避算法

    #include<iostream> #include<vector> #include <stdio.h> #include<stdlib.h> // ...

  2. typescript -- ts

    算是强类型语言,javascrpt是弱类型语言,是指对数据的类型的处理,弱类型语言的特点有时候只是在支行的时候才告诉你出错了,但写的时候你是查觉不到的 ts也是以es5-7为语法标准的,开发的算是另外 ...

  3. 用vue建新项目的过程---在工作中

    1.git clone 项目地址 2.如果没装vue-cli,就先装下vue-cli  (如果报错可能是没按管理员身份安装) 3.vue init webpack 项目名 4.安装项目依赖 npm i ...

  4. (转)python标准库中socket模块详解

    python标准库中socket模块详解 socket模块简介 原文:http://www.lybbn.cn/data/datas.php?yw=71 网络上的两个程序通过一个双向的通信连接实现数据的 ...

  5. React创建组件的三种方式比较

    推荐文章: https://www.cnblogs.com/wonyun/p/5930333.html 创建组件的方式主要有: 1.function 方式 2.class App extends Re ...

  6. Helper Devise: could not find the `Warden::Proxy` instance on request environment

    在使用devise这个gem时,编写控制器层的单元测试,你需要在你的rspec帮助文件 rails_helper.rb里添加下面这一样 RSpec.configure do |config| conf ...

  7. BNU27937——Soft Kitty——————【扩展前缀和】

    Soft Kitty Time Limit: 1000ms Memory Limit: 65536KB 64-bit integer IO format: %lld      Java class n ...

  8. 前端渲染模板(一):Thymeleaf

    一.使用 本篇文章将以SpringBoot为框架来介绍Thymeleaf的用法. 1 资源文件的约定目录结构  Maven的资源文件目录:/src/java/resources spring-boot ...

  9. 解决github无法访问的问题

     gitbub是外网,经常会遇到访问不了的问题,并且有时能访问也网速好慢. 解决这个问题的方法是 更改hosts文件,地址: C:\Windows\System32\Drivers\etc 我在hos ...

  10. EasyPusher推流类库的.NET调用说明

    EasyPusher推流类库的.NET调用说明 以下内容基于在使用EasyPusher过程中遇到的问题,以及相应的注意事项.本文主要是基于对C++类库的二次封装(便于调试发现问题)以供C#调用以及对一 ...