tags:

views:

4246

answers:

2

Hi,

I have a WCF service that uses basicHttpbinding in development.

Now in product we want to use SSL, what changes do I have to make to force SSL connections only?

+9  A: 

This page on MSDN explains WCF Binding Security.

http://msdn.microsoft.com/en-us/library/ms729700.aspx

The BasicHttpBinding class is primarily used to interoperate with existing Web services, and many of those services are hosted by Internet Information Services (IIS). Consequently, the transport security for this binding is designed for seamless interoperation with IIS sites. This is done by setting the security mode to Transport and then setting the client credential type. The credential type values correspond to IIS directory security mechanisms. The following code shows the mode being set and the credential type set to Windows. You can use this configuration when both client and server are on the same Windows domain.

C#

BasicHttpBinding b = new BasicHttpBinding();
b.Security.Mode = BasicHttpSecurityMode.Transport ;
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

Or, in configuration:

<bindings>   
   <basicHttpBinding>
            <binding name="SecurityByTransport">
               <security mode="Transport">
                 <transport clientCredentialType="Windows" />
                </security>
            </binding>   
   </basicHttpBinding> 
</bindings>

To enable ssl, without a login, set clientCredentialType to "None".

Options for security mode are:

None, Transport, Message, TransportWithMessageCredential and TransportCredentialOnly

You can find more details at: http://msdn.microsoft.com/en-us/library/system.servicemodel.basichttpsecuritymode.aspx

Stever B
so security mode of "transport" signifies SSL?
Blankman
A: 

Hi there,

I think that if under your "bindings" where you have <Security mode="Transport">, if you'd change it to be <security mode="None">, you would be ok.

this is a copy of a codebase that I'm working on that I did that in-code, and it appears to be working. I get the WSDL at least when i hit the service, if that helps at all :)

BasicHttpBinding basicBinding = new BasicHttpBinding();
if (RegistryConnectionStringFactory.UseSslForCommunications)
{
     basicBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
     basicBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
}
else
{
     basicBinding.Security.Mode = BasicHttpSecurityMode.None;
     basicBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
}
Richard B