WCF服务代理生成在通过F5负载平衡器公开时引发错误

本文关键字:平衡 错误 负载 F5 代理 服务 WCF | 更新日期: 2023-09-27 18:29:46

我将从公司网络向公共网络公开我的服务。

我的证书是*.mydomain.com,一个通用证书。

我的负载均衡器url与服务是:

https://myservice.mydomain.com/service1.svc

我有两个应用服务器,它们的url是:

http://myservice1.mydomain.com/service1.svchttp://myservice2.mydomain.com/service1.svc

我们使用来自F5负载均衡器的SSL卸载。所以从外部世界到F5 LB,从LB到应用服务器,从http。我们在F5 LB配置了证书。

当我在浏览器上点击LB服务url时,我会得到"服务已经创建"页面

MyService Service
You have created a service.
To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:    
svcutil.exe http://myservice.mydomain.com/service1.svc?wsdl
You can also access the service description as a single file:
http://myservice.mydomain.com/service1.svc?singleWsdl

当我使用负载均衡器url从我的客户端应用程序添加服务引用时,我得到了以下错误:

The document was understood, but it could not be processed.
  - The WSDL document contains links that could not be resolved.
  - There was an error downloading 'http://myservice.mydomain.com/service1.svc?wsdl=wsdl0'.
  - Unable to connect to the remote server
  - No connection could be made because the target machine actively refused it 207.187.164.30:80
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
If the service is defined in the current solution, try building the solution and adding the service reference again.

但是当我直接从网络内部访问我的两个应用服务器url时,我能够生成生成的代理,我的服务也很好,但当我试图通过LB url生成网络外部的代理时,我会收到上面提到的错误。

我的服务绑定是:

<service behaviorConfiguration="DefaultBehavior" name="MyServices.MyService">
        <endpoint  binding="wsHttpBinding" contract="MyServices.IMyService" />
        <endpoint  address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>

相应的行为为:

<behavior name="DefaultBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <errorHandler/>
        </behavior>

请帮助我解决这个问题

WCF服务代理生成在通过F5负载平衡器公开时引发错误

虽然我将节点的服务公开为http,但F5 LB在ssl卸载方面做了大量工作,所以我从F5 LB获得的服务是https。由于我从节点通过http方案公开元数据,并且F5 LB不支持http方案,因此通过F5 LB在http url上生成wsdl被阻止,因此我无法生成代理。

后来,我从基础设施团队了解到,在生产中向客户暴露元数据是一个安全问题,所以我们阻止了它

所以现在的问题是,当我们不公开元数据端点时,客户端如何使用服务?简单的答案是使用通道工厂,并通过F5LB的httpsurl创建代理和调用服务方法。这就是我解决问题的方法。