Configuring WCF for HTTPS / SSL

I spent the past few days helping my developers secure their Windows Communication Foundation (WCF) service endpoints over HTTPS, and I thought I would share the experience. Before getting started, we need to configure IIS for SSL communication. Doing that is pretty simple on IIS 7 and above: just follow the steps here to create a self-signed certificate and enable the SSL binding.

Once IIS is configured, we can now proceed to the WCF configuration.

1. Create a binding configuration for the HTTPS service by including the following in the serviceModel configuration section. This configures the service to enable SSL without requiring the client to be authenticated.

<bindings>
  <basicHttpBinding>
    <binding name="secureHttpsBinding">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

2. In the service behavior, make sure to add the httpsGetEnabled setting. The configuration below allows the metadata to be exposed over either HTTP or HTTPS, so the service supports whichever mode is configured in IIS. To support HTTPS only, remove the httpGetEnabled setting.

<behaviors>
  <serviceBehaviors>
    <behavior name="DefaultServiceBehavior">
      <!-- To avoid disclosing metadata information,
           set the value below to false and remove the metadata
           endpoint before deployment to production -->
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <!-- Returns exception details to callers; set to false
           before deployment to production -->
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

3. Finally, configure your service to use the behavior and binding configuration.

<services>
  <service name="SSLSample.Services.ExpenseService"
           behaviorConfiguration="DefaultServiceBehavior">
    <endpoint name="basicHttpExpenseService" address=""
              binding="basicHttpBinding"
              bindingConfiguration="secureHttpsBinding"
              contract="SSLSample.Services.Contracts.IExpenseService" />

    <endpoint address="mex"
              binding="mexHttpsBinding"
              contract="IMetadataExchange" />
  </service>
</services>

Take note that the mex endpoint uses mexHttpsBinding. Deploy the service to IIS and you should be able to run it and access the WSDL over HTTPS.

You can use the above configuration for both WCF and Windows Workflow Foundation (WF) service endpoints. If you are using a different binding, e.g. wsHttpBinding, make sure you change the configuration accordingly.

[Note: When testing your service using localhost, you may get a certificate warning or a red address bar in your browser. Use your machine name (with your domain name appended, if any) instead.]
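
To check a web.config for the settings discussed in the three steps above (metadata over plain HTTP, exception details in faults, the mex binding and the transport security mode), the following is an added example and not code from the original post. The function name audit_service_model and the combined sample configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three fragments from this post combined under
# <system.serviceModel>, as they would sit in web.config.
SAMPLE = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding><binding name="secureHttpsBinding">
    <security mode="Transport"><transport clientCredentialType="None" /></security>
  </binding></basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="DefaultServiceBehavior">
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior></serviceBehaviors></behaviors>
  <services><service name="SSLSample.Services.ExpenseService"
                     behaviorConfiguration="DefaultServiceBehavior">
    <endpoint name="basicHttpExpenseService" address="" binding="basicHttpBinding"
              bindingConfiguration="secureHttpsBinding"
              contract="SSLSample.Services.Contracts.IExpenseService" />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service></services>
</system.serviceModel></configuration>"""

def audit_service_model(config_xml):
    """Return findings for settings that weaken an HTTPS-only WCF service."""
    sm = ET.fromstring(config_xml).find(".//system.serviceModel")
    findings = []
    def on(el, attr):  # both attributes checked below default to false when absent
        return el.get(attr, "false").lower() == "true"
    for b in sm.iterfind("behaviors/serviceBehaviors/behavior"):
        name = b.get("name", "(unnamed)")
        if any(on(m, "httpGetEnabled") for m in b.iterfind("serviceMetadata")):
            findings.append(f"behavior {name}: metadata served over plain HTTP")
        if any(on(d, "includeExceptionDetailInFaults") for d in b.iterfind("serviceDebug")):
            findings.append(f"behavior {name}: exception details returned to clients")
    for ep in sm.iterfind("services/service/endpoint"):
        kind, cfg = ep.get("binding", ""), ep.get("bindingConfiguration")
        label = ep.get("name") or ep.get("address") or "(default)"
        if kind == "mexHttpBinding":
            findings.append(f"endpoint {label}: mex over HTTP, expected mexHttpsBinding")
        elif kind in ("basicHttpBinding", "wsHttpBinding"):
            # No bindingConfiguration means the binding's default security mode applies.
            sec = sm.find(f"bindings/{kind}/binding[@name='{cfg}']/security") if cfg else None
            mode = sec.get("mode", "default") if sec is not None else "default"
            if mode not in ("Transport", "TransportWithMessageCredential"):
                findings.append(f"endpoint {label}: security mode '{mode}' is not transport-level")
    return findings

if __name__ == "__main__":
    for finding in audit_service_model(SAMPLE):
        print(finding)
```

Run against the configuration as posted, it reports the two development-time settings in DefaultServiceBehavior; with both set to false it reports nothing.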
