tags:

views:

664

answers:

1
+4  Q: 

What are the steps to setup SSL to work with WCF on Azure?

Please post the steps you have taken to setup SSL to work with WCF on Azure.

I have my valid certificate uploaded successfully (using cspack) and working with the rest of the site, but after adding it, my previously working WCF service stopped working. (All I get is a 404 error back to Silverlight, which is not very helpful. Up votes to whomever comes up with some better logging I could be doing too to help diagnose the problem too!)

I've tried many variations on this configuration:

<system.serviceModel>
     <!--start added for SSL--> 
    <bindings>
      <basicHttpBinding>
        <binding name="SecureBasicHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="None"  />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
     <!--end added for SSL--> 
    <behaviors>
      <!--start added for SSL--> 
      <endpointBehaviors>
        <behavior name="DisableServiceCertificateValidation">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="None"
                              revocationMode="NoCheck" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
      <!--start added for SSL--> 
      <serviceBehaviors>
        <behavior name="Silverheat.Cloud_WebRole.API.DataServiceBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <!-- certificate checking removed --> 
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <services>
      <service behaviorConfiguration="Silverheat.Cloud_WebRole.API.DataServiceBehavior"
          name="Silverheat.Cloud_WebRole.API.DataService">
        <!--<endpoint address="" binding="basicHttpBinding" contract="Silverheat.Cloud_WebRole.API.DataService" />-->
        <endpoint bindingConfiguration="SecureBasicHttpBinding"
                  behaviorConfiguration="DisableServiceCertificateValidation"
                  address="" binding="basicHttpBinding"
                  contract="Silverheat.Cloud_WebRole.API.DataService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>

Unfortunately, debugging this and getting more info is really hard because I cannot step through and debug with any configuration remotely like I'd use on the live server because the bindings tag has problems on debug (but not live).

Thanks for your help and interest!

+2  A: 

Wow! Its alive! Its working!!

Still doesn't work in debug (security exception), but I'll live with that until the next release.

Here's the configuration that worked:

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="SecureBasicHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="None"  />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Silverheat.Cloud_WebRole.API.DataServiceBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <services>
      <service behaviorConfiguration="Silverheat.Cloud_WebRole.API.DataServiceBehavior"
          name="Silverheat.Cloud_WebRole.API.DataService">
        <endpoint bindingConfiguration="SecureBasicHttpBinding"
          address="" binding="basicHttpBinding"
          contract="Silverheat.Cloud_WebRole.API.DataService" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>

(I think it was "mexHttpsBinding" that made it finally work, although I don't entirely understand why it needs meta data after its already configured, back to the books I guess)

I'd still like to know how to enable some kind of logging for WCF, but I'll poke around this great site a bit more and I'm sure I'll find an answer.

divitiae  2009-03-03 04:57:30

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL