tags:

views:

34

answers:

1
Q: 

Do I need to do anything special to make WCF calls work over HTTPS, ..if HTTP works fine?

I have two versions of the same proof-of-concept site: The unsecure version:

http://www.tlsadmin.com/tlsadmin/PortalHome.aspx

and the secure version:

https://www.tlsadmin.com/tlsadmin/PortalHome.aspx

The problem I have is that my WCF-Based web services don't seem to work under HTTPS. Is there something I'm missing, or not understanding about this? I thought a relative URL for the SVC file would cover everything

<asp:ScriptManager ID="ScriptManager1" runat="server" >
    <Services>
        <asp:ServiceReference Path="~/Services/Contacts.svc" />
        <asp:ServiceReference Path="~/Services/Domains.svc" />
        <asp:ServiceReference Path="~/Services/TreeViewNavigation.asmx" />
        <asp:ServiceReference Path="/Services/FullSoaSchedulerService.svc/json" />
    </Services>
</asp:ScriptManager>

Perhaps I need to add an additional binding for the webservice to work over HTTPS?

<service name="LC.www.nexthop.mx.POC.grid_WebService.Domains">
        <endpoint address="" behaviorConfiguration="LC.www.nexthop.mx.POC.grid_WebService.DomainsAspNetAjaxBehavior"
          binding="webHttpBinding" contract="LC.www.nexthop.mx.POC.grid_WebService.Domains" />
      </service>
+1  A: 

You want to add a custom binding to your configuration to enable it for HTTPS by setting your binding's security mode to transport.

 <bindings>
   <webHttpBinding>
     <binding name="httpsBinding">
       <security mode="Transport">
       </security>
     </binding>
   </webHttpBinding>
 </bindings>

The default security mode is None which doesn't play well with HTTPS.

Then assign that binding to your endpoint:

<service name="LC.www.nexthop.mx.POC.grid_WebService.Domains">
        <endpoint address="" behaviorConfiguration="LC.www.nexthop.mx.POC.grid_WebService.DomainsAspNetAjaxBehavior"
          binding="webHttpBinding" bindingConfiguration="httpsBinding" contract="LC.www.nexthop.mx.POC.grid_WebService.Domains" />
</service>

This blog post helped me out when I first ran into this situation.

Hope this helps!!

David Hoerster  2010-08-21 01:59:54
+1 and THANKS! Worked like a charm
MakerOfThings7  2010-08-21 02:29:39
Glad it worked for you. Yeah, that stumped me at first, too. I wish it wasn't so unintuitive (it wasn't intuitive at all for me :) ). The thing to keep in mind is that your development environment may not be HTTPS, so you'll need to change that security mode for DEV. I have a build process that handles that (no security for DEV, Transport for QA/PROD).
David Hoerster  2010-08-21 02:42:21

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State