Hi,
I was asked to set up a .NET web service to expose a few methods for querying a database, which isn't a difficult task, but they said they wanted it secured using SSL since it is not internal.
How does one use SSL with a web service?
And is this something to use WCF for, or should I stick with a .net 2.0 web service?
Thanks in advance
It should not make any difference to the web service whether you are using SSL or not. Set up the web site for the web service like you would setting up SSL for a normal web site.
Edit: This is if you are using an IIS hosted .Net 2.0 web service, or IIS hosted WCF service. If you have a standalone WCF service, see Fredou's links.
All of WSE (asmx) WSE3 and WCF (svc) web-services work fine over SSL, largely without any changes. Indeed, originally WCF's TransportWithMessageCredential security-mode would only work over SSL.
For convenience, it is easiest to host the web-service in IIS and let IIS deal with the SSL (saves having to mess with certificates in code or config files).
I've also seen a glitch in IIS (serving multiple sites) where a WCF endpoint on the non-default site wasn't reachable over http (something to do with the site), but worked fine over https. It needed a custom service factory to get it working reliably (by completely disabling http, leaving just https).
Use WCF for sure.
Check out these webcasts got me on track with the whole WCF security things.