WCF webHttpBinding for both HTTP and HTTPS? - wcf

I'm having a really hard time finding how to host a WCF service in an IIS site that works on both HTTP and HTTPS. I've done about 10 hours of research including just about every link on StackOverflow that relates to this issue and tried many different combinations and have not yet been able to get both working at the same time. Right now only HTTPS works with the below configuration:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="http">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
<binding name="https">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="MyWcfServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>
</system.serviceModel>

I think you need to specify different endpoint "address" values in your service configuration.
For example:
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="secure" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>

Related

Add WCF RESTful service as application to classic ASP website

Well. We have a legacy classic asp website running on IIS 8.5 on windows server 2012. Both http and https protocols are enabled for the website. Recently I developed a standalone WCF web service and added it as Application to our website (with different application pool).
Now WCF works fine with http protocol but not with https. Service.svc loads normally with https, but for all requests returns 400
this is my web.config
<system.web>
<compilation targetFramework="4.5" />
<customErrors mode="Off"/>
<httpRuntime targetFramework="4.5" maxUrlLength="1000"/>
</system.web>
<system.serviceModel>
<services>
<service name="KATProductFilter.Service1" behaviorConfiguration="mycorp.Callback.SecPayServiceBehavior">
<endpoint address=""
binding="wsHttpBinding" bindingConfiguration="TransportBinding"
contract="KATProductFilter.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="mycorp.Callback.SecPayServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="TransportBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<baseAddressPrefixFilters>
<add prefix="https://www.knivesandtools.nl/filterssl"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
</system.serviceModel>
Thanks in advance
I solved it. Endpoint's binding must be webHttpBinding and it MUST have both bindingConfiguration and behaviorConfiguration as follow.
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="test">
<serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="katproductfilter_behavior">
<dataContractSerializer ignoreExtensionDataObject="true" maxItemsInObjectGraph="2147483646"/>
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="KATProductFilter.Service1" behaviorConfiguration="test">
<endpoint address="" binding="webHttpBinding" contract="KATProductFilter.IService1" bindingConfiguration="TransportSecurity" behaviorConfiguration="katproductfilter_behavior"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0"/>
P.S Ricardo thanks for link.

How to enable SSL/HTTPS in WCF Service?

I want to enable SSL/HTTPS in my WCF Service.
So I have found a site of Microsoft: http://msdn.microsoft.com/en-us/library/hh556232.aspx
But it doesn't function.
Is there something missing?
This is what I have:
<system.serviceModel>
<services>
<service name="Service.Service">
<endpoint address="" binding="webHttpBinding" contract="Service.IService" bindingConfiguration="webHttpsBinding" behaviorConfiguration="restBehavior"></endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="restBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding" closeTimeout="00:00:20">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
I want to call the service from jquery. Use ajax and getjson.

WCF + SSL/HTTPS in IIS(6). How to disable HTTP access in web.config?

I have a WCF app hosted in IIS6 (and 7 in dev environment) with one wsHttp (SOAP) and two webHttp (REST) bindings.
I want to secure the services when publishing to production site and disable metadata and webHttp help page and ENABLE SSL for the bindings. At the same time i would like to have HTTP disabled. I'm aware of the option in IIS to "Require Secure Channel" but I was wondering if the same can be achieved in web.config?
I was under the impression that
<security mode="Transport">
would "disable" http access (ie. https required) but in my case it didn't.
Her is the ServiceModel part of web.config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="SoapTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
<message establishSecurityContext="false"/>
</security>
</binding>
</wsHttpBinding>
<webHttpBinding>
<binding name="RestTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="CustomerWcfService" behaviorConfiguration="Web.ServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="SoapTransportSecurityBinding" contract="ICustomerWcfService">
<identity>
<dns value="ws.somecompany.com"/>
</identity>
</endpoint>
</service>
<service name="SentShipmentsWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="ISentShipmentsWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
<service name="InsuranceInfoWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="IInsuranceInfoWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Web.ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="webHttpServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="RestEndpointBehavior">
<webHttp helpEnabled="false"/>
</behavior>
</endpointBehaviors>
</behaviors>
It looks it couldn't be achieved in web.config. But in the binding settings you can set
<security mode="Transport">
In this case endpoints will not be valid if there is no SSL required.

securing a wcf with https

I hosted a WCF .svc file in IIS 6.0 under a virtual directory secured with https. When requesting the wsdl through my browser I get a http 400 error. Here's a chunk of my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AuthWorkStation_Extranet.App_Code.AwsService" behaviorConfiguration="ServiceBehavior">
<endpoint name="" address="https://extlpo01.srr.fr/Sphinx/Service.svc" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthWorkStation_Extranet.App_Code.IAwsService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate storeName="Root" findValue="CA_SRR_DISTRIB" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
anyone knows what's wrong with my setup ?
If you just want HTTPS, you need to update your web.config. Change the following:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
To:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>

WCF problem with POSTs using ssl (https)

I currently have a webHttp binding WCF restful service, it works great over http, I can make Post of large sizes due to my webconfig settings, now I am trying to use it over https (ssl), now my gets work fine, but my posts dont, it doesnt work when the file size is over a certain amount, i was wondering why this could be since my webconfig specifies a larger size and it works good over http, here is my relevant webconfig.. any suggestions
Thanks
<system.serviceModel>
<client>
<endpoint binding="webHttpBinding" bindingConfiguration="webHttp"
contract="PrimeStreamInfoServices.IService1" name="Client" />
</client>
<bindings>
<webHttpBinding>
<binding name="webHttp" maxBufferSize="15000000" maxBufferPoolSize="15000000"
maxReceivedMessageSize="15000000">
<readerQuotas maxDepth="15000000" maxStringContentLength="10000000"
maxArrayLength="15000000" maxBytesPerRead="15000000" maxNameTableCharCount="10000000" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="string" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior"
name="PrimeStreamInfoServices.Service1">
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="webHttp" contract="PrimeStreamInfoServices.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrimeStreamInfoServices.Service1Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<!--
<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="TempCa" />
-->
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
If you want to use webHttpBinding over SSL then you have configure your binding to use transport security like:
<security mode="Transport">
This link provides some details with sample config to deal with the following error:
Could not find a base address that matches scheme http for the
endpoint with binding WebHttpBinding. Registered base address schemes
are [https]
Sample config from the blog:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service name="TestService">
<endpoint address="" behaviorConfiguration="TestServiceAspNetAjaxBehavior"
binding="webHttpBinding" bindingConfiguration="webBinding" contract="TestService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>