Configuring HTTP and HTTPS

WCF services and clients can communicate over HTTP and HTTPS. The HTTP/HTTPS settings are configured by using Internet Information Services (IIS) or a command-line tool. When a WCF service is hosted under IIS, HTTP or HTTPS settings can be configured within IIS (using the inetmgr.exe tool). If a WCF service is self-hosted, HTTP or HTTPS settings are configured by using a command-line tool.

At a minimum, configure a URL registration and add a firewall exception for the URL your service will use.

The tool used to configure HTTP settings depends on the operating system the computer is running.

When running Windows Server 2003 or Windows XP, use the HttpCfg.exe tool. Windows Server 2003 automatically installs this tool. When running Windows XP, you can download the tool at Windows XP Service Pack 2 Support Tools. For more information, see Httpcfg Overview.

When running Windows Vista or Windows 7, you configure these settings with the Netsh.exe tool.

Configuring Namespace Reservations

 

Namespace reservation assigns the rights for a portion of the HTTP URL namespace to a particular group of users. A reservation gives those users the right to create services that listen on that portion of the namespace. Reservations are URL prefixes, meaning that the reservation covers all sub-paths of the reservation path. Namespace reservations permit two ways to use wildcards. The HTTP Server API documentation describes the order of resolution between namespace claims that involve wildcards.

A running application can create a similar request to add namespace registrations. Registrations and reservations compete for portions of the namespace. A reservation may have precedence over a registration, according to the order of resolution between namespace claims that involve wildcards. In this case, the reservation blocks the running application from receiving requests.

Running Windows XP or Server 2003

 

Use the httpcfg.exe set urlacl command to change namespace reservations. The Windows Support Tools documentation explains the syntax for the Httpcfg.exe tool. Modifying the reservation rights for a portion of the namespace requires either administrative privileges or ownership of that portion of the namespace. Initially, the entire HTTP namespace belongs to the local administrator.

The following shows the syntax of the Httpcfg command with the set urlacl option.

httpcfg set urlacl /u {http://URL:Port/ | https://URL:Port/} /a ACL

The /u parameter is required when using set urlacl. It takes a string that contains a fully-qualified URL that serves as the record key for the reservation being made.

The /a parameter is also required when using set urlacl. It takes a string that contains an Access Control List (ACL) in the form of a Security Descriptor Definition Language (SDDL) string.

The following shows an example of using this command.

 
 
httpcfg.exe set urlacl /u http://myhost:8000/ /a "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"

Running Windows Vista, Windows Server 2008 R2 or Windows 7

 

If you are running on Windows Vista, Windows Server 2008 R2 or Windows 7, use the Netsh.exe tool. The following shows an example of using this command.

 
 
netsh http add urlacl url=http://+:80/MyUri user=DOMAIN\user

This command adds a URL reservation for the specified URL namespace for the DOMAIN\user account. For more information on using the netsh command, type "netsh http add urlacl" at a command prompt and press Enter.
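Because a reservation gives the named users the right to listen on that part of the namespace, it is worth reviewing which reservations are granted to broad groups. The following is an added example, not part of the original page: it parses the text printed by `netsh http show urlacl` and lists reservations whose Listen or Delegate right belongs to a broad principal. The function names, the list of broad principals and the sample output are assumptions made for illustration.

```powershell
# Added example. $sample is CONSTRUCTED text in the layout `netsh http show urlacl`
# prints on an English-language system. Live: $text = netsh http show urlacl | Out-String
$sample = @'
URL Reservations:
-----------------

    Reserved URL            : http://+:80/MyUri/
        User: DOMAIN\user
            Listen: Yes
            Delegate: No

    Reserved URL            : http://+:8000/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

    Reserved URL            : https://*:8443/admin/
        User: BUILTIN\Users
            Listen: No
            Delegate: Yes
            SDDL: D:(A;;GW;;;BU)
'@

# Turn the netsh text into one object per (URL, user) pair.
function Get-UrlAclEntry {
    param([Parameter(Mandatory)][string]$Text)
    $entries = [System.Collections.Generic.List[object]]::new()
    $url = $null; $current = $null
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $url = $Matches[1]; $current = $null
        } elseif ($line -match '^\s*User:\s*(.+?)\s*$') {
            $current = [pscustomobject]@{ Url = $url; User = $Matches[1]; Listen = $false; Delegate = $false }
            $entries.Add($current)
        } elseif ($current -and $line -match '^\s*(Listen|Delegate):\s*Yes\s*$') {
            $current.($Matches[1]) = $true   # set the Listen or Delegate flag
        }
    }
    $entries
}

# Keep entries where a broad principal (assumed list) holds Listen or Delegate.
function Find-BroadUrlAcl {
    param([string]$Text, [string[]]$Broad = @('\Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'))
    Get-UrlAclEntry -Text $Text |
        Where-Object { ($_.Listen -or $_.Delegate) -and ($Broad -contains $_.User) } |
        Select-Object Url, User, Listen, Delegate,
            @{ Name = 'WildcardHost'; Expression = { $_.Url -match '^https?://[+*]:' } }
}
Find-BroadUrlAcl -Text $sample | Format-Table -AutoSize
```

On a non-English system netsh localizes the field labels and account names, so the patterns and the principal list need adjusting.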

Configuring a Firewall Exception

 

When self-hosting a WCF service that communicates over HTTP, an exception must be added to the firewall configuration to allow inbound connections using a particular URL. For more information, see Open a port in Windows Firewall (Windows 7).

Configuring SSL Certificates

 

The Secure Sockets Layer (SSL) protocol uses certificates on the client and server to store encryption keys. The server provides its SSL certificate when a connection is made so that the client can verify the server identity. The server can also request a certificate from the client to provide mutual authentication of both sides of the connection.

Certificates are stored in a centralized store according to the IP address and port number of the connection. The special IP address 0.0.0.0 matches any IP address for the local machine. Note that the certificate store does not distinguish URLs based on the path. Services with the same IP address and port combination must share certificates even if the path in the URL for the services is different.

For step-by-step instructions, see How to: Configure a Port with an SSL Certificate.

Configuring the IP Listen List

 

The HTTP Server API only binds to an IP address and port once a user registers a URL. By default, the HTTP Server API binds to the port in the URL for all of the IP addresses of the machine. A conflict arises if an application that does not use the HTTP Server API has previously bound to that combination of IP address and port. The IP Listen List allows WCF services to coexist with applications that use a port for some of the IP addresses of the machine. If the IP Listen List contains any entries, the HTTP Server API only binds to those IP addresses that the list specifies. Modifying the IP Listen List requires administrative privileges.

Running Windows XP or Server 2003

 

Use the httpcfg tool to modify the IP Listen List, as shown in the following example. The Windows Support Tools documentation explains the syntax for the httpcfg.exe tool.

 
 
httpcfg.exe set iplisten -i 0.0.0.0:8000

Running Windows Vista or Windows 7

 

Use the netsh tool to modify the IP Listen List, as shown in the following example.

 
 
netsh http add iplisten ipaddress=0.0.0.0:8000

Other Configuration Settings

 

When using System.ServiceModel.WSDualHttpBinding, the client connection uses defaults that are compatible with namespace reservations and the Windows firewall. If you choose to customize the client base address of a dual connection, then you also must configure these HTTP settings on the client to match the new address.

The HTTP Server API has some advanced configuration settings that are not available through HttpCfg. These settings are maintained in the registry and apply to all applications running on the systems that use the HTTP Server APIs. For information about these settings, see Http.sys registry settings for IIS. Most users should not need to change these settings.

Issues Specific to Windows XP

 

IIS does not support port sharing on Windows XP. If IIS is running and a WCF service attempts to use a namespace with the same port, the WCF service fails to start. IIS and WCF both default to using port 80. Either change the port assignment for one of the services or use the IP Listen List to assign the WCF service to a network adapter not used by IIS. IIS 6.0 and later have been redesigned to use the HTTP Server APIs.
