如何隐藏我的WCF服务

mir*_*ych 3 c# service wcf wcf-binding svc

我有一个嵌入到Windows服务中的WCF服务.它绑定到localhost但它也接受来自这种URL的连接 - "http:// ip:port/ServiceName",如何将其隐藏起来并允许仅从localhost连接.

这是我的服务配置

<system.serviceModel>
 <behaviors>
  <serviceBehaviors>
     <behavior name="Test.Service.ServiceBehavior">
         <serviceMetadata httpGetEnabled="true" /> 
         <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior>
  </serviceBehaviors>
 </behaviors>
 <services>
   <service behaviorConfiguration="Test.Service.ServiceBehavior" name="Test.Service.TestService">
      <endpoint address="localhost" binding="wsHttpBinding" contract="Test.Service.IService">
        <identity>
           <dns value="localhost" /> 
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
      <host>
         <baseAddresses>
              <add baseAddress="http://localhost:8732/MyService/service" /> 
         </baseAddresses>
      </host>
  </service>
</services>
</system.serviceModel>
Run Code Online (Sandbox Code Playgroud)

mar*_*c_s 6

要"隐藏"它,您需要关闭任何元数据交换,因此您需要删除:

<serviceMetadata httpGetEnabled="true" /> 
Run Code Online (Sandbox Code Playgroud)

从您的服务行为,您需要删除mex端点:

<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
Run Code Online (Sandbox Code Playgroud)

然而,这只是"模糊"它.除了localhost之外,为了避免其他任何人调用 - 为什么不切换到netNamedPipeBinding"仅在这台机器上"的设计 - 没有外部调用者能够调用该端点.

否则,您必须检查呼叫者的IP地址并根据该信息阻止它们 - 但这可能很容易被欺骗....