How to secure webHttpBinding?
Solution 1
I think this article will solve your problem. Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL
Solution 2
The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html is this:
<bindings>
<webHttpBinding>
<binding>
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
but also remove exposing metadata if desired.
the details are documented in msdn here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx
the relevant parts are:
Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the transport of webHttpBinding.
Jaiesh_bhai
Updated on July 09, 2022Comments
-
Jaiesh_bhai almost 2 years
In my WCF service I am trying to to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using
wsHttpBinding
with a security mode ofTransport
. Why iswebHttpBinding
not able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?Essentially what is the difference between
webHttpBinding
andwsHttpBinding
?<bindings> <wsHttpBinding> <binding name="TransportSecurity"> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="ServiceBehavior"> <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> <endpointBehaviors> <behavior name="EndpBehavior"> <webHttp /> </behavior> </endpointBehaviors> </behaviors> <services> <service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService"> <endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" /> <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" /> </service> </services> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
-
Ashkan over 8 yearsThe link is broken. This is why link only answers should not be considered as an answer.
-
Ashkan over 8 yearsThe link is not broken, there was some problem with my browser which displayed 404 not found page. Anyway I think it's best to include a summary of the article in the answer as it says in SO's how to answer page
Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline.
. Thanks.