I have a .NET service running on IIS 6 and WCF that I want to create two endpoints for: one secured with HTTPS and Basic authentication that will be accessed from our DMZ, and one with no security that will only be accessible from the internal secure network. A firewall and maybe .NET filters will ensure that the unsecured service is not accessible outside the secure network.
So far I have not been successful getting two endpoints working with different security parameters. One configuration I tried is:
<service name="My.Service">
  <host>
    <baseAddresses>
      <add baseAddress="http://localhost/MyService/"/>
    </baseAddresses>
  </host>
  <endpoint address="UnSecuredAccessToMyService.svc"
            behaviorConfiguration="restBehavior"
            name="UnSecureEndpoint"
            binding="webHttpBinding"
            bindingName="SomeBindingName"
            bindingNamespace="http://mydomain/myservice"
            contract="Domain.MyService.MyClass" />
  <endpoint address="SecuredAccessToMyService.svc"
            behaviorConfiguration="secBehavior"
            name="SecuredEnpoint"
            binding="webHttpBinding"
            bindingConfiguration="customSecureBinding"
            bindingName="SecBindingName"
            bindingNamespace="http://mydomain/myservice"
            contract="Domain.MyService.MyClass" />
</service>
<behaviors>
  <endpointBehaviors>
    <behavior name="restBehavior">
      <webHttp />
    </behavior>
    <behavior name="secBehavior">
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <webHttpBinding>
    <binding name="customSecureBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic"/>
      </security>
    </binding>
  </webHttpBinding>
</bindings>
The files UnSecuredAccessToMyService.svc and SecuredAccessToMyService.svc look like:
<%@ ServiceHost
Factory="somefactory, anotherfactory"
Service="My.Service, AnotherService"
%>
I am very new to WCF and .NET, so extra details could really help. Thanks!
It looks like you've got your bindings and behaviours a little mixed up. Try changing your configuration to the following:
<services>
  <service name="My.Service">
    <endpoint address="UnSecuredAccessToMyService.svc"
              binding="webHttpBinding"
              bindingNamespace="http://mydomain/myservice"
              contract="Domain.MyService.MyClass" />
    <!-- bindingConfiguration (not bindingName) is what selects the named <binding> below -->
    <endpoint address="SecuredAccessToMyService.svc"
              binding="webHttpBinding"
              bindingConfiguration="secureWebHttpBinding"
              bindingNamespace="http://mydomain/myservice"
              contract="Domain.MyService.MyClass" />
  </service>
</services>
<bindings>
  <webHttpBinding>
    <binding name="secureWebHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic"/>
      </security>
    </binding>
  </webHttpBinding>
</bindings>
This specifies that both endpoints should use WebHttpBinding, but one will use the default binding and the other will use a named binding "secureWebHttpBinding", which is configured to use Transport-layer security (SSL) and basic client authentication.
These should not require further configuration or customized behaviour unless you have needs beyond what is built-in by default.
Unfortunately a lot of WCF is trial-and-error debugging until you identify exactly which element is not operating correctly. If the information I've given you doesn't work, specify more symptoms of your problem and I'll try to give further assistance.
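Which binding settings each endpoint actually ends up with can be checked offline before deploying. The following is an added example, not code from the question or either answer: a Python audit that reads a `<system.serviceModel>` section and reports each `webHttpBinding` endpoint's effective security mode, relying on the fact that `bindingConfiguration` selects a named `<binding>` while `bindingName` does not. The sample XML, its `NameOnly` endpoint and the function name `audit_endpoints` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's configuration. The "NameOnly"
# endpoint sets bindingName but no bindingConfiguration.
SAMPLE = """<system.serviceModel>
  <services><service name="My.Service">
    <endpoint address="UnSecuredAccessToMyService" binding="webHttpBinding"
              contract="Domain.MyService.MyClass" />
    <endpoint address="NameOnly" binding="webHttpBinding"
              bindingName="secureWebHttpBinding" contract="Domain.MyService.MyClass" />
    <endpoint address="SecuredAccessToMyService" binding="webHttpBinding"
              bindingConfiguration="secureWebHttpBinding" contract="Domain.MyService.MyClass" />
  </service></services>
  <bindings><webHttpBinding>
    <binding name="secureWebHttpBinding">
      <security mode="Transport"><transport clientCredentialType="Basic"/></security>
    </binding>
  </webHttpBinding></bindings>
</system.serviceModel>"""

def audit_endpoints(config_xml):
    """Return (address, security mode, credential type, warning) per endpoint."""
    root = ET.fromstring(config_xml)
    named = {b.get("name", ""): b
             for b in root.findall(".//bindings/webHttpBinding/binding")}
    rows = []
    for ep in root.iter("endpoint"):
        if ep.get("binding") != "webHttpBinding":
            continue  # other binding types have different defaults
        wanted = ep.get("bindingConfiguration", "")
        # Only bindingConfiguration picks a <binding>; otherwise defaults apply,
        # and webHttpBinding defaults to security mode None with no credentials.
        sec = named[wanted].find("security") if wanted in named else None
        mode = sec.get("mode", "None") if sec is not None else "None"
        tr = sec.find("transport") if sec is not None else None
        cred = tr.get("clientCredentialType", "None") if tr is not None else "None"
        warn = ""
        if wanted and wanted not in named:
            warn = "bindingConfiguration names no <binding>"
        elif not wanted and ep.get("bindingName") in named:
            warn = "bindingName matches a <binding>; use bindingConfiguration"
        rows.append((ep.get("address"), mode, cred, warn))
    return rows

if __name__ == "__main__":
    for row in audit_endpoints(SAMPLE):
        print(row)
```

Any endpoint meant for the DMZ that reports mode `None` is being served without HTTPS or Basic authentication, whatever its name suggests.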
Use the following configuration:
<service name="My.Service">
  <host>
    <baseAddresses>
      <add baseAddress="http://localhost/MyService/UnSecuredAccessToMyService.svc"/>
    </baseAddresses>
  </host>
  <endpoint address="UnSecuredAccessToMyService"
            behaviorConfiguration="restBehavior"
            name="UnSecureEndpoint"
            binding="webHttpBinding"
            bindingName="SomeBindingName"
            bindingNamespace="http://mydomain/myservice"
            contract="Domain.MyService.MyClass" />
  <endpoint address="SecuredAccessToMyService"
            behaviorConfiguration="secBehavior"
            name="SecuredEnpoint"
            binding="webHttpBinding"
            bindingConfiguration="customSecureBinding"
            bindingName="SecBindingName"
            bindingNamespace="http://mydomain/myservice"
            contract="Domain.MyService.MyClass" />
</service>
Notice the address="UnSecuredAccessToMyService" and address="SecuredAccessToMyService" values in the endpoint part, which are very important. Now, when you call the URL from the client, you need to call the URI as http://localhost/MyService/UnSecuredAccessToMyService.svc/UnSecuredAccessToMyService for unsecured access and http://localhost/MyService/UnSecuredAccessToMyService.svc/SecuredAccessToMyService for secured access.
The base address should be the fully qualified name, including .svc.
Using the above configuration, you will be able to use the same .svc file, the same contract and the same operation/method, but with 2 different endpoints: 1 secure and 1 unsecure.