MSDN >
論壇首頁
>
Windows Communication Foundation
>
I need a definitive answer to the "can you use WCF/HTTPS in XBAP"
I need a definitive answer to the "can you use WCF/HTTPS in XBAP"
- Hi
I am evaluating XBAP for enterprise use in two scenarios:
1) use in an intranet
2) use by clilents over the internet
We have decided to look at XBAP's because :
1) We will not be able to deploy applications to client hardware
2) There will be several revisions of the software over a short period of time
3) The application needs to have a 'fatter' client as we have quite complex UI elements
From what I have read and understood about XBAPs they will be faster for us to devlelop and redeploy.
The application would rely on a back-end WCF service being present. I have read much documentation about the XBAPs not being able to use HTTPS and other restrictions due to the "security sandbox" that XBAP's run in. We can publish our XBAP's to run in either Partial or Full Trust modes
Here are the questions:
Can XBAP's use a WCF service over HTTPS in either Trust mode?
Can you use the System.Reflection namespace in either Trust mode?
Can you use the System.Security.Cryptography namespace in either Trust mode?
Thanks in advance for your help.
Adoz
解答
- Hello, since your scenario allows, we recommend you to use full trust. Partial trust has more problems you may think of. For example, you can only work with WCF services from the same site of origin. Reflection cannot enumerate internal members from another assembly and private members from another class. Some features of cryptography (such as those require machine key) are not available. And so on.
Full trust can solve most of the problems (you should be able to consume https services in full trust mode). But still be aware: Do not use app.config. IIS by default forbids clients to download .config files to protect unauthorized access to web.config (which typically contains sensitive information such as database connection string). If app.config exists, it will have to be downloaded to the client for the XBAP to work. While you can config IIS 7 to allow the downloading of .config files at the application level, this is not the recommended solution unless you're sure it's OK for clients to download the web.config. We recommend you to construct the service address and binding in code.
Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.- 已標示為解答Steven Cheng - MSFTMSFT, 版主2009年7月10日 上午 02:31
所有回覆
- Hello, since your scenario allows, we recommend you to use full trust. Partial trust has more problems you may think of. For example, you can only work with WCF services from the same site of origin. Reflection cannot enumerate internal members from another assembly and private members from another class. Some features of cryptography (such as those require machine key) are not available. And so on.
Full trust can solve most of the problems (you should be able to consume https services in full trust mode). But still be aware: Do not use app.config. IIS by default forbids clients to download .config files to protect unauthorized access to web.config (which typically contains sensitive information such as database connection string). If app.config exists, it will have to be downloaded to the client for the XBAP to work. While you can config IIS 7 to allow the downloading of .config files at the application level, this is not the recommended solution unless you're sure it's OK for clients to download the web.config. We recommend you to construct the service address and binding in code.
Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.- 已標示為解答Steven Cheng - MSFTMSFT, 版主2009年7月10日 上午 02:31
