How to enable HTTPS on WCF RESTful Service?

c# wcf rest ssl
28,634

Solution 1

It appears you are building a RESTful Service with WCF and you are really close to securing it.

Here is what you need to do to secure it:

  1. Add a new WebHttpBinding configuration that has security mode set to Transport.
  2. Assign that new WebHttpBinding configuration to the your Service Endpoint binding.
  3. Make sure that your RESTful service can only be accessed via HTTPS by setting httpGetEnabled="false".
  4. Set up the metadata publishing endpoint to use HTTPS.

These changes are all summed up below in the revised configuration file (see comments for points that changed). Also note that your Service Endpoint must be using the HTTPS scheme and not HTTP.

<system.serviceModel >
  <services>
     <service name="WcfRestfulService.HttpService"
              behaviorConfiguration="ServiceBehaviour" >
         <endpoint address="" 
                   binding="webHttpBinding"
                   <!-- Add reference to secure WebHttpBinding config -->
                   bindingConfiguration="webHttpTransportSecurity"
                   behaviorConfiguration="web"
                   contract="WcfRestfulService.IHttpService" />
         <!-- Need to make sure that our metadata 
              publishing endpoint is using HTTPS as well -->
         <endpoint address="mex"
                   binding="mexHttpsBinding"
                   contract="IMetadataExchange" />
     </service>
  </services>
  <!-- Add secure WebHttpBinding config -->
  <bindings>
     <webHttpBinding>
        <binding name="webHttpTransportSecurity">
           <security mode="Transport" />
         </binding>
      </webHttpBinding>
  </bindings>
  <behaviors>
      <serviceBehaviors>
         <behavior name="ServiceBehaviour">
             <serviceMetadata httpsGetEnabled="true"
                              <!-- Make sure the service can 
                                 be accessed only via HTTPS -->
                              httpGetEnabled="false"/>
             <serviceDebug includeExceptionDetailInFaults="false"/>
         </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
         <behavior name="web">
             <webHttp/>
         </behavior>
      </endpointBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

Solution 2

You need to set security mode="Transport" in the binding

  <basicHttpBinding>
    <binding name="secureHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </basicHttpBinding>

Read more on MSDN

Share:
28,634
Tajkumar
Author by

Tajkumar

Updated on July 27, 2020

Comments

  • Tajkumar
    Tajkumar over 3 years

    How to make wcf to work over https. I want to use this wcf over https i have searched many articles i didn't get the answer please help iam new to wcf concepts. I want to call it from ajax,jquery

     <system.serviceModel >
<services>
  <service
    name="WcfRestfulService.HttpService" behaviorConfiguration="ServiceBehaviour" >
    <endpoint address="" binding="webHttpBinding" behaviorConfiguration="web"
              contract="WcfRestfulService.IHttpService">
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

"Authentication failed because the remote party has closed the transport stream" for normal users
Download file using WCF Rest service?
file upload download using WCF rest
HTTP Error 500.19 - Internal Server Error The requested page cannot (WCF + REST + IIS7 + SSL)
The remote server returned an error: (400) Bad Request - uploading less 2MB file size?
Reading streamed content from HttpResponseMessage.Content
server certificate is not configured properly with HTTP.SYS in the HTTPS case
WCF Restful post Services returns BAD REQUEST(400)
Good tutorial for RESTful Services
Calling a REST web service over SSL