开发者

How to hide my WCF service

问答 作者:

I have a WCF service embedded into windows service. It's bind to localhost but it also accepts connection from this kind of URL - "http://ip:port/ServiceName", how can i hide it from others and allow connection only from localhost.

Here is my service configuration

<system.serviceModel>
 <behaviors>
  <serviceBehaviors>
     <behavior name="Test.Service.ServiceBehavior">
         <serviceMetadata httpGetEnabled="true" /> 
         <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior>
  </serviceBehaviors>
 </behaviors>
 <services>
   <service behaviorConfiguration="Test.Service.ServiceBehavior" name="Test.Service.TestService">
      <endpoint address="localhost" binding="wsHttpBinding" contract="Test.Service.IService">
        <identity>
           <dns value="localhost" /> 
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
      <host>
         <baseAddresses>
              <add baseAddress="http://localhost:8732/MyService/service" /> 
         </baseAddresses>
      </host>
  </service开发者_如何学Go>
</services>
</system.serviceModel>

To "hide" it, you need to turn off any meta data exchange, so you need to remove:

<serviceMetadata httpGetEnabled="true" />

from your service behaviors, and you need to remove the mex endpoint:

<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

However, this is only "obscuring" it. To avoid anyone else but localhost to call - why not switch to the netNamedPipeBinding, which is by design "on this machine only" - no outside callers are able to call into that endpoint.

Otherwise, you'd have to check for the caller's IP address and block them based on that information - which however can be spoofed pretty easily....

I would switch to NetNamedPipeBinding - this is inherently local-only, but also avoids a few additional layers, and doesn't require access to any ports (which non-admins don't have by default). This can be done in config using the <netNamedPipeBinding> element.

If you are hosting in IIS, you could just change the site Bindings from "*" to "127.0.0.1"

继续阅读:servicesvcwcfwcf-binding

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9