How to enable SSL/HTTPS in WCF Service? - wcf

I want to enable SSL/HTTPS in my WCF Service.
So I have found a site of Microsoft: http://msdn.microsoft.com/en-us/library/hh556232.aspx
But it doesn't function.
Is there something missing?
This is what I have:
<system.serviceModel>
<services>
<service name="Service.Service">
<endpoint address="" binding="webHttpBinding" contract="Service.IService" bindingConfiguration="webHttpsBinding" behaviorConfiguration="restBehavior"></endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="restBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding" closeTimeout="00:00:20">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
I want to call the service from jquery. Use ajax and getjson.

Related

WCF webHttpBinding for both HTTP and HTTPS?

I'm having a really hard time finding how to host a WCF service in an IIS site that works on both HTTP and HTTPS. I've done about 10 hours of research including just about every link on StackOverflow that relates to this issue and tried many different combinations and have not yet been able to get both working at the same time. Right now only HTTPS works with the below configuration:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="http">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
<binding name="https">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="MyWcfServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>
</system.serviceModel>
I think you need to specify different endpoint "address" values in your service configuration.
For example:
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="secure" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>

Accessing WCF service on AppHarbor via https

I'm trying to secure my WCF service using transport security model. I've successfully deployed my service to AppHarbor. But I'm getting the following exception when I try to access service page:
[InvalidOperationException: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].] ...
I haven't uploaded any certificates, just using piggyback SSL there. I've downloaded the build and deployed it on my machine. It works fine.
Here is my system.serviceModel section of web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<host>
<baseAddresses>
<add baseAddress="https://auth.apphb.com/AuthService.svc" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthService.IAuthService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I've already tried this Hosting a WCF Web API app on AppHarbor?
Can somebody please explain me what I'm doing wrong?
This issue frequently appear when you communicate with the wcf web service thru the LB (AppHarbor one of the example of it).
You should know several things about such kind of communications.
1) Communication between yours client application and LB is secured (https is in use). So you should leverage security binding on the client side.
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
2) Communication between LB and web-front uses http, so server binding should be basicHttpBinding without extra configuration.
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
Summarizing all that stuff we have
Client
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://auth.apphb.com/AuthService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAuthService"
contract="AuthService.IAuthService" name="BasicHttpBinding_IAuthService" />
</client>
</system.serviceModel>
</configuration>
Server
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
</protocolMapping>
<bindings>
<basicHttpBinding/>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Your approach is not going to work right off the bat. This is because SSL is terminated at the load balancers and the app servers see http traffic. You can read more about AppHarbor load balancers here.
You might be able to fool WCF with this module.
There are also some hints in this discussion: http://support.appharbor.com/discussions/problems/829-transportwithmessagecredential-https-ssl

WCF + SSL/HTTPS in IIS(6). How to disable HTTP access in web.config?

I have a WCF app hosted in IIS6 (and 7 in dev environment) with one wsHttp (SOAP) and two webHttp (REST) bindings.
I want to secure the services when publishing to production site and disable metadata and webHttp help page and ENABLE SSL for the bindings. At the same time i would like to have HTTP disabled. I'm aware of the option in IIS to "Require Secure Channel" but I was wondering if the same can be achieved in web.config?
I was under the impression that
<security mode="Transport">
would "disable" http access (ie. https required) but in my case it didn't.
Her is the ServiceModel part of web.config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="SoapTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
<message establishSecurityContext="false"/>
</security>
</binding>
</wsHttpBinding>
<webHttpBinding>
<binding name="RestTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="CustomerWcfService" behaviorConfiguration="Web.ServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="SoapTransportSecurityBinding" contract="ICustomerWcfService">
<identity>
<dns value="ws.somecompany.com"/>
</identity>
</endpoint>
</service>
<service name="SentShipmentsWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="ISentShipmentsWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
<service name="InsuranceInfoWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="IInsuranceInfoWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Web.ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="webHttpServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="RestEndpointBehavior">
<webHttp helpEnabled="false"/>
</behavior>
</endpointBehaviors>
</behaviors>
It looks it couldn't be achieved in web.config. But in the binding settings you can set
<security mode="Transport">
In this case endpoints will not be valid if there is no SSL required.

securing a wcf with https

I hosted a WCF .svc file in IIS 6.0 under a virtual directory secured with https. When requesting the wsdl through my browser I get a http 400 error. Here's a chunk of my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AuthWorkStation_Extranet.App_Code.AwsService" behaviorConfiguration="ServiceBehavior">
<endpoint name="" address="https://extlpo01.srr.fr/Sphinx/Service.svc" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthWorkStation_Extranet.App_Code.IAwsService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate storeName="Root" findValue="CA_SRR_DISTRIB" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
anyone knows what's wrong with my setup ?
If you just want HTTPS, you need to update your web.config. Change the following:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
To:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>

WCF problem with POSTs using ssl (https)

I currently have a webHttp binding WCF restful service, it works great over http, I can make Post of large sizes due to my webconfig settings, now I am trying to use it over https (ssl), now my gets work fine, but my posts dont, it doesnt work when the file size is over a certain amount, i was wondering why this could be since my webconfig specifies a larger size and it works good over http, here is my relevant webconfig.. any suggestions
Thanks
<system.serviceModel>
<client>
<endpoint binding="webHttpBinding" bindingConfiguration="webHttp"
contract="PrimeStreamInfoServices.IService1" name="Client" />
</client>
<bindings>
<webHttpBinding>
<binding name="webHttp" maxBufferSize="15000000" maxBufferPoolSize="15000000"
maxReceivedMessageSize="15000000">
<readerQuotas maxDepth="15000000" maxStringContentLength="10000000"
maxArrayLength="15000000" maxBytesPerRead="15000000" maxNameTableCharCount="10000000" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="string" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior"
name="PrimeStreamInfoServices.Service1">
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="webHttp" contract="PrimeStreamInfoServices.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrimeStreamInfoServices.Service1Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<!--
<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="TempCa" />
-->
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
If you want to use webHttpBinding over SSL then you have configure your binding to use transport security like:
<security mode="Transport">
This link provides some details with sample config to deal with the following error:
Could not find a base address that matches scheme http for the
endpoint with binding WebHttpBinding. Registered base address schemes
are [https]
Sample config from the blog:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service name="TestService">
<endpoint address="" behaviorConfiguration="TestServiceAspNetAjaxBehavior"
binding="webHttpBinding" bindingConfiguration="webBinding" contract="TestService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>