WCF是否支持SNI（服务器名称指示）

Question

我想使用基本身份验证消耗第三方WCF服务，但我也需要使用SNI。我一起被攻击了以下示例（减去真实端点的东西）来展示我设置的内容和我得到的错误。

在我对WCF的知识时知之甚少，没有任何帮助。

config

<endpoint 
 address="https://their.server.com/theirservice.svc"
 binding="basicHttpBinding"  
  bindingConfiguration="BasicHttpBinding_ISyncFramework2"
  contract="ISyncFramework" name="BasicHttpBinding_ISyncFramework2">
 </endpoint>

       <basicHttpBinding>
         <binding name="BasicHttpBinding_ISyncFramework2" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
       allowCookies="false" bypassProxyOnLocal="false" 
      hostNameComparisonMode="StrongWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
           <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
               maxBytesPerRead="4096" maxNameTableCharCount="16384" />
           <security mode="Transport">
             <transport clientCredentialType="Basic" proxyCredentialType="None"
                 realm="" />
           </security>
         </binding>
       </basicHttpBinding>

.

代码：

            var service = new SyncFrameworkClient();
            service.ClientCredentials.UserName.UserName = "username";
            service.ClientCredentials.UserName.Password = "thepassword";

            service.method() // fails!

.

对方法的调用失败：

所请求的服务，'https://their.server.com/theirservice.svc'无法激活。有关更多信息，请参阅服务器的诊断跟踪日志。

服务器跟踪

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

.

Answer 1

通常是服务侧问题而不是客户端问题。SNI是一种改进SSL握手的服务器技术，在Microsoft堆栈中是仅在未发布的IIS 8 版本中支持。除非第三方滚动自己的SNI / SSL堆栈，否则他们的WCF服务似乎不太可能需要它。

在您获得的实际异常上，似乎沿这个博客帖子可能是问题的原因。您的配置和代码片段使用SSL和基本HTTP身份验证为BasichTTPBinding Weep.