tags:

views:

63

answers:

1
+2  Q: 

How can I configure WCF to accept SSL and non-SSL

I need some help configuring WCF to support multiple environments. One environment allows anonymous authentication over standard HTTP and the other uses Windows Authentication over SSL.

I can configure WCF to support either of the environments, but not both within the same web.config file.

Here's what allows anonymous over http:

<behaviors>
    <serviceBehaviors>
        <behavior name="MexBehavior" >
            <serviceMetadata httpGetEnabled="true" />
        </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
        <behavior name="DLAspNetAjaxBehavior">
            <enableWebScript/>
        </behavior>
        <behavior name="Service1AspNetAjaxBehavior">
            <webHttp/>
        </behavior>
    </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
    <service name="DL" behaviorConfiguration="MexBehavior">
        <endpoint address="" behaviorConfiguration="DLAspNetAjaxBehavior" binding="webHttpBinding" contract="DLService"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>
    <service name="Service1" behaviorConfiguration="MexBehavior">
        <endpoint address="" behaviorConfiguration="Service1AspNetAjaxBehavior" binding="webHttpBinding" contract="Service1"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>          
</services>

And here's what works for Windows Authentication over SSL:

<behaviors>
    <serviceBehaviors>
        <behavior name="MexBehavior" >
            <serviceMetadata httpGetEnabled="true" />
        </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
        <behavior name="DLAspNetAjaxBehavior">
            <enableWebScript/>
        </behavior>
        <behavior name="Service1AspNetAjaxBehavior">
            <webHttp/>
        </behavior>
    </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
    <service name="DL" behaviorConfiguration="MexBehavior">
        <endpoint address="" behaviorConfiguration="DynamicLoaderAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webWinBinding" contract="DLService"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>
    <service name="Service1" behaviorConfiguration="MexBehavior">
        <endpoint address="" behaviorConfiguration="ValidValuesServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webWinBinding" contract="Service1"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>          
</services>     
<bindings>
    <webHttpBinding>
        <binding name="webWinBinding">
            <security mode="Transport">
                <transport clientCredentialType="Windows" />
            </security>
        </binding>
    </webHttpBinding>           
</bindings>

When I add the endpoint from the SSL configuration to the non-SSL configuration, the anonymous service breaks.

Here is the config file that doesn't work but attempts to put both settings together:

<behaviors>
    <serviceBehaviors>
        <behavior name="MexBehavior" >
            <serviceMetadata httpGetEnabled="true" />
        </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
        <behavior name="DLAspNetAjaxBehavior">
            <enableWebScript/>
        </behavior>
        <behavior name="Service1AspNetAjaxBehavior">
            <webHttp/>
        </behavior>
    </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
    <service name="DynamicLoader" behaviorConfiguration="MexBehavior">
        <endpoint name="basic" address="" behaviorConfiguration="DLAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webAnonymousBinding" contract="DLService"/>
        <endpoint name="secure" address="" behaviorConfiguration="DLAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webWinBinding" contract="DLService"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>
    <service name="ValidValuesService" behaviorConfiguration="MexBehavior">
        <endpoint name="basic" address="" behaviorConfiguration="Service1AspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webAnonymousBinding" contract="Service1"/>
        <endpoint name="secure" address="" behaviorConfiguration="Service1AspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webWinBinding" contract="Service1"/>
        <endpoint name="MEXEndpoint" contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>
</services>
<bindings>
    <webHttpBinding>
        <binding name="webWinBinding">
            <security mode="Transport">
                <transport clientCredentialType="Windows" />
            </security>
        </binding>
        <binding name="webAnonymousBinding">
            <security mode="None">
            </security>
        </binding>
    </webHttpBinding>
</bindings>

Is there some way I can combine the endpoints into one web.config to support the two environments?

A: 

Does this previous SO question/answer help?

http://stackoverflow.com/questions/951204/calling-a-web-service-using-wcf-over-http-and-https

(See the first answer.)

David Hoerster  2010-08-26 19:50:34
No, it doesn't work for me. I will edit the question to show the combined config file that doesn't work. Thanks!
Chris Conway  2010-08-26 19:59:59

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL