How to secure webHttpBinding?

json wcf ssl web-config
21,346

Solution 1

I think this article will solve your problem. Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL

Solution 2

The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html is this:

<bindings>
  <webHttpBinding>
    <binding>
      <security mode="Transport" />
    </binding>
  </webHttpBinding>
</bindings>

but also remove exposing metadata if desired.

the details are documented in msdn here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx

the relevant parts are:

Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the transport of webHttpBinding.

Share:
21,346
Jaiesh_bhai
Author by

Jaiesh_bhai

Updated on July 09, 2022

Comments

  • Jaiesh_bhai
    Jaiesh_bhai almost 2 years

    In my WCF service I am trying to to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using wsHttpBinding with a security mode of Transport. Why is webHttpBinding not able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?

    Essentially what is the difference between webHttpBinding and wsHttpBinding? 

    <bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>

  <endpointBehaviors>
    <behavior name="EndpBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>
</behaviors>

<services>
  <service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService">

    <endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" />

    <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />   
  </service>
</services>

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  • Ashkan
    Ashkan over 8 years
    The link is broken. This is why link only answers should not be considered as an answer.
  • Ashkan
    Ashkan over 8 years
    The link is not broken, there was some problem with my browser which displayed 404 not found page. Anyway I think it's best to include a summary of the article in the answer as it says in SO's how to answer page Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline.. Thanks.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to implement "SecurityProtocolType.Ssl, Ssl1, Ssl2, Ssl3; " through web.config not in global.asax.cs
"Authentication failed because the remote party has closed the transport stream" for normal users
How do you setup HTTP and HTTPS WCF 4 RESTful services?
WCF Exception - The client certificate is not provided
HTTP Error 500.19 - Internal Server Error The requested page cannot (WCF + REST + IIS7 + SSL)
WCF HTTP POST gives HTTP Status code 400 : Bad Request
Getting "EndPoint Not Found" error with WCF service deployed to SharePoint 2010 site
SSL error RemoteCertificateNameMismatch
Swift: How to request a URL with a self-signed certificate?
WCF service to return JSON-formatted faults