ansaurus

Question

How to secure a Silverlight-Enabled WCF Web Service with SSL?

Answer 1

A:

WS* is not supported in Silverlight - basically change the URL in the client config to be an https:// url - that's all you can do

blowdart 2009-05-09 00:59:03

I tried that, the service would then not connect.

Yttrium 2009-05-09 01:00:23

Answer 2

+2 A:

in the ServiceReferences.ClientConfig file of the Silverlight client app that the "Binding" tag only allows basicHttpBinding and NOT wsHttpBinding. Does this mean that you can not secure a Silverlight-Enabled WCF Service?

No, it doesn't mean that. You can have a basicHttpBinding and still assign transport-level security (HTTPS with SSL) to it. That shouldn't be a problem.

Marc

PS: Many one of those links gives you more insight and the proverbial "AHA!" :-)

marc_s 2009-05-09 08:23:23

Thanks! Though I'm confused as to what do I put in the Web.Config file that hosts the service? Is it just basicHttpBinding with transport security? I tried that and it returns a "Not Found" error.

Yttrium 2009-05-09 18:20:46

Does your server that hosts the service have an SSL certificate installed and all? If you want to use SSL transport-level security, SSL at the transport level has to be setup correctly beforehand.

marc_s 2009-05-10 08:21:45

Yes, the site has a working SSL, I can access an .ASMX service using transport security and pointing it to https in the Silverlight config file. But I can't for the life of me get it find a Silverlight-Enabled WFC service through https with transport security.

Yttrium 2009-05-14 14:29:43

There's a number of ways you can set up transport security - just "transport", or "transportwithmessagecredentials" and another one I forget right now. I am not 100% sure what a Silverlight environment would expect - but basically, you have to have the same settings on both ends of your communications channel.

marc_s 2009-05-14 14:45:29

Answer 3

+3 A:

There are three key places that I configure to use https in my own apps.

Web.config

In the behavior tag include this line:

<serviceMetadata httpsGetEnabled="true"/>

For the MEX endpoint, make sure you use the https protocol:

<endpoint address="mex" binding="mexHttpsBinding"
          contract="IMetadataExchange" />

Create a custom binding. The important part is the transport security:

  <basicHttpBinding>
    <binding name="myServicesBinding">
      <security mode="Transport"/>
    </binding>
  </basicHttpBinding>

You can also include the usual authorization stuff:

<authorization>
  <allow users="?"/>
  <deny users="*"/>
</authorization>

Silverlight

On the Silverlight end, either point the ServiceReference at the now secure service, or set up the connections manually in code. the ServiceReferences.ClientConfig file should have the security stuff in it:

<security mode="Transport"/>

And the code version looks like this:

BasicHttpBinding b = new BasicHttpBinding(BasicHttpSecurityMode.Transport);

There are probably more complex things that can be done, but this should be good enough for most people.

McAravey 2009-05-11 22:03:11

ansaurus

tags:

views:

answers:

How to secure a Silverlight-Enabled WCF Web Service with SSL?

related questions