Hi all,

Pretty new to complex WCF configs and have looked around, but couldn't clearly answer this. I'm looking for a yes this is possible and ideally a sample or no, this is not possible.

Question: Can you separate out the Metadata (WSDL) from a secure transport (SSL) service and make it plain old HTTP?

We have a WCF service that is using Transport security (SSL) for the service. At this stage, during development we're using our own Certificates for the SSL, so we're a CA.

So the WSDL is exposed using

<serviceMetadata httpsGetEnabled="true" />

Under the service behaviours.

When you browse to the WSDL https://devserver:8010/MyService/?wsdl you get the usual, don't know the CA warning and just click IGNORE to continue on.

One of the problems I've got is that a proxy generation tool like JAX-WS just bails with a HTTP.403 Forbidden warning, even though I've put the CA certificate into the JDK/JRE keystore for cacerts.

So I was thinking, if I could separate out the Metadata then you could expose that on HTTP on a separate port and then there's no certificate issues for generating proxies.

So I tried marking the service metadata as follows:

<serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8011/MyService/" />

But this doesn't work as it's now mixing up the behaviour.

Perhaps I've missed something? Perhaps this isn't possible?

And yes, to some extent it is moot, as a production machine WOULD have a trusted CA and therefore you won't get the certificate trust warnings. However, it's now become a question of is this possible?

All help appreciated, thanks Hadley

A: 

You also need to specify your MEX endpoint

http://bloggingabout.net/blogs/dennis/archive/2006/11/09/WCF-Part-4-%5F3A00%5F-Make-your-service-visible-through-metadata.aspx

Note it will need a different binding configuration with security = None instead of transport.

Shiraz Bhaiji
Not quite what I'm looking for as you're following the standard practice of coupling the MEX with the service. What I'm after is HOW or if it's possible to separate the service and Metadata? So imagine your Service has an endpoint defined as "https://devserver:8010/MyService" and a contract of "IMyService". So the service is a transport secure one too! How can I get my WSDL/Metadata on to a non-secure transport?
Hadley
A: 

Did some more trial and error and the end result which works is like this. This is shortened for brevity.

<behaviors>
  <serviceBehaviors>
    <behavior name="serviceBehaviour">
      <serviceMetadata httpGetEnabled="true" httpGetUrl="http://devserver:8022/MyService/" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="basicHttp" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
      <security mode="Transport">
      </security>
    </binding>
  </basicHttpBinding>
  <webHttpBinding>
    <binding name="webHttp">
      <security mode="None">
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="serviceBehaviour" name="MyService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp" 
    name="httpsEndpoint" contract="IMyService" />
    <host>
      <baseAddresses>
        <add baseAddress="https://devserver:8020/MyService/" />
      </baseAddresses>
    </host>
  </service>
</services>
Hadley
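
With the metadata URL on plain HTTP as in the configuration above, the WSDL a proxy generator receives is not authenticated by TLS, so it is worth checking that every endpoint address in it is still the HTTPS service address before generating a client. The following is an added example, not part of the original posts; the sample WSDL is constructed and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# soap:address / soap12:address elements carry the endpoint URL in "location".
SOAP_NS = ("http://schemas.xmlsoap.org/wsdl/soap/",
           "http://schemas.xmlsoap.org/wsdl/soap12/")

# Constructed sample: the shape of a WSDL <service> section for the config above.
SAMPLE_WSDL = """<wsdl:definitions
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:service name="MyService">
    <wsdl:port name="httpsEndpoint" binding="tns:httpsEndpoint">
      <soap:address location="https://devserver:8020/MyService/"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""


def endpoint_addresses(wsdl_text):
    """Return every soap:address location found in the WSDL."""
    root = ET.fromstring(wsdl_text)
    return [el.get("location", "")
            for ns in SOAP_NS
            for el in root.iter("{%s}address" % ns)]


def check_wsdl(wsdl_text, expected_host, expected_port):
    """Return a list of problems; an empty list means the endpoints look right."""
    # WSDL needs no DTD; refusing one avoids entity expansion in untrusted input.
    if "<!DOCTYPE" in wsdl_text:
        return ["DTD not allowed"]
    problems = []
    locations = endpoint_addresses(wsdl_text)
    if not locations:
        problems.append("no soap:address found")
    for loc in locations:
        url = urlsplit(loc)
        if url.scheme != "https":
            problems.append("not https: " + loc)
        elif (url.hostname, url.port) != (expected_host, expected_port):
            problems.append("unexpected endpoint: " + loc)
    return problems


if __name__ == "__main__":
    print(check_wsdl(SAMPLE_WSDL, "devserver", 8020))
```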