tags:

views:

4246

answers:

2
+4  Q: 

Enable SSL for my WCF service

Hi,

I have a WCF service that uses basicHttpbinding in development.

Now in product we want to use SSL, what changes do I have to make to force SSL connections only?

+9  A: 

This page on MSDN explains WCF Binding Security.

http://msdn.microsoft.com/en-us/library/ms729700.aspx

The BasicHttpBinding class is primarily used to interoperate with existing Web services, and many of those services are hosted by Internet Information Services (IIS). Consequently, the transport security for this binding is designed for seamless interoperation with IIS sites. This is done by setting the security mode to Transport and then setting the client credential type. The credential type values correspond to IIS directory security mechanisms. The following code shows the mode being set and the credential type set to Windows. You can use this configuration when both client and server are on the same Windows domain.

C#

BasicHttpBinding b = new BasicHttpBinding();
b.Security.Mode = BasicHttpSecurityMode.Transport ;
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

Or, in configuration:

<bindings>   
   <basicHttpBinding>
            <binding name="SecurityByTransport">
               <security mode="Transport">
                 <transport clientCredentialType="Windows" />
                </security>
            </binding>   
   </basicHttpBinding> 
</bindings>

To enable ssl, without a login, set clientCredentialType to "None".

Options for security mode are:

None, Transport, Message, TransportWithMessageCredential and TransportCredentialOnly

You can find more details at: http://msdn.microsoft.com/en-us/library/system.servicemodel.basichttpsecuritymode.aspx

Stever B  2009-01-08 21:23:29
so security mode of "transport" signifies SSL?
Blankman  2009-01-08 21:34:41
A: 

Hi there,

I think that if under your "bindings" where you have <Security mode="Transport">, if you'd change it to be <security mode="None">, you would be ok.

this is a copy of a codebase that I'm working on that I did that in-code, and it appears to be working. I get the WSDL at least when i hit the service, if that helps at all :)

BasicHttpBinding basicBinding = new BasicHttpBinding();
if (RegistryConnectionStringFactory.UseSslForCommunications)
{
     basicBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
     basicBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
}
else
{
     basicBinding.Security.Mode = BasicHttpSecurityMode.None;
     basicBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
}
Richard B  2010-03-24 18:36:21

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL