Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to enable HTTPS on WCF RESTful Service?

Tags:

rest

c#

ssl

wcf

How to make wcf to work over https. I want to use this wcf over https i have searched many articles i didn't get the answer please help iam new to wcf concepts. I want to call it from ajax,jquery

 <system.serviceModel >
<services>
  <service
    name="WcfRestfulService.HttpService" behaviorConfiguration="ServiceBehaviour" >
    <endpoint address="" binding="webHttpBinding" behaviorConfiguration="web"
              contract="WcfRestfulService.IHttpService">
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

like image 954
Tajkumar Avatar asked Mar 25 '15 02:03

Tajkumar


1 Answers

It appears you are building a RESTful Service with WCF and you are really close to securing it.

Here is what you need to do to secure it:

  1. Add a new WebHttpBinding configuration that has security mode set to Transport.
  2. Assign that new WebHttpBinding configuration to the your Service Endpoint binding.
  3. Make sure that your RESTful service can only be accessed via HTTPS by setting httpGetEnabled="false".
  4. Set up the metadata publishing endpoint to use HTTPS.

These changes are all summed up below in the revised configuration file (see comments for points that changed). Also note that your Service Endpoint must be using the HTTPS scheme and not HTTP.

<system.serviceModel >
  <services>
     <service name="WcfRestfulService.HttpService"
              behaviorConfiguration="ServiceBehaviour" >
         <endpoint address="" 
                   binding="webHttpBinding"
                   <!-- Add reference to secure WebHttpBinding config -->
                   bindingConfiguration="webHttpTransportSecurity"
                   behaviorConfiguration="web"
                   contract="WcfRestfulService.IHttpService" />
         <!-- Need to make sure that our metadata 
              publishing endpoint is using HTTPS as well -->
         <endpoint address="mex"
                   binding="mexHttpsBinding"
                   contract="IMetadataExchange" />
     </service>
  </services>
  <!-- Add secure WebHttpBinding config -->
  <bindings>
     <webHttpBinding>
        <binding name="webHttpTransportSecurity">
           <security mode="Transport" />
         </binding>
      </webHttpBinding>
  </bindings>
  <behaviors>
      <serviceBehaviors>
         <behavior name="ServiceBehaviour">
             <serviceMetadata httpsGetEnabled="true"
                              <!-- Make sure the service can 
                                 be accessed only via HTTPS -->
                              httpGetEnabled="false"/>
             <serviceDebug includeExceptionDetailInFaults="false"/>
         </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
         <behavior name="web">
             <webHttp/>
         </behavior>
      </endpointBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
like image 172
Derek W Avatar answered Sep 28 '22 00:09

Derek W