Installing and using a custom certificate for a WCF service hosted in Windows to enable SSL (HTTPS) - wcf

I have a WCF service hosted in a Windows service.
I would like to know how I can make the service accessible only through SSL and use a certificate provided by a certificate issuer (GoDaddy, VeriSign, etc.).

If you created a WCF-Service you'll be forced to use a Windows IIS Server to host your application. When using an IIS, you can specify the Port and an SSL-Certificate.
To do this, just
add a new Website to your IIS. Make sure you are using an application pool that supports .NET Framework 4.0.
copy your compiled WCF-Service and all references/files that your service needs to the associated IIS-Site-Folder
Configure the Bindings of this IIS Page. You need an imported SSL-Certificate at this point. If you already imported it, you can choose it from a ListBox within the Bindings-Dialog.
Within that dialog, you can specify the port
Make sure you've opened that port on your firewall
If you delete other bindings (meaning all HTTP Bindings), you can make sure that your service is only reachable through SSL and your specific port.
If you need cheap, good and multidomain/wildcard certificates, please check out StartSSL. In my opinion, they serve you the best.
You can find more information about IIS Configuration here.
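The IIS steps described in the answer above, scripted with the WebAdministration module (an added example, not part of the original answer). The site name, port, PFX path and firewall rule name are assumptions; replace them with your own.

```powershell
# Added example: HTTPS-only binding for an existing IIS site.
# Run in an elevated PowerShell session on the IIS host.
# Assumed values (not from the page): site name, port, PFX path, rule name.
Import-Module WebAdministration

$siteName = 'MyWcfSite'               # hypothetical IIS site that hosts the .svc
$port     = 8443                      # hypothetical HTTPS port
$pfxPath  = 'C:\certs\service.pfx'    # hypothetical PFX from your certificate issuer

# 1. Import the issued certificate, with its private key, into LocalMachine\My.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# 2. Create the HTTPS binding and attach the certificate to it.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
    (Get-WebBinding -Name $siteName -Protocol https -Port $port).
        AddSslCertificate($cert.Thumbprint, 'My')
}

# 3. Open only the HTTPS port in Windows Firewall.
New-NetFirewallRule -DisplayName "WCF HTTPS $port" -Direction Inbound `
    -Protocol TCP -LocalPort $port -Action Allow | Out-Null

# 4. Remove every plain-HTTP binding so the site answers only over TLS.
Get-WebBinding -Name $siteName -Protocol http | ForEach-Object {
    Remove-WebBinding -Name $siteName -Protocol http `
        -BindingInformation $_.bindingInformation
}

# 5. Verify: fail loudly if an HTTP binding survived, then list what is left.
$leftover = @(Get-WebBinding -Name $siteName -Protocol http)
if ($leftover.Count -gt 0) {
    throw "Site '$siteName' still has $($leftover.Count) HTTP binding(s)."
}
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation, sslFlags
```

The WCF endpoint in web.config must also use transport security, otherwise the service will not answer on the HTTPS binding.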

Related

Octopus Deploy: Enable SNI on IIS HTTPS binding?

We're using Octopus Deploy and its "IIS web site and application pool" process feature to deploy our ASP.NET MVC app to IIS. It's working great.
Now, we would like to enable SNI for the HTTPS binding. Octopus Deploy doesn't seem to provide a built-in checkbox for this. How could we customize the Octopus Deploy's IIS deployment so that the SNI is enabled automatically?
If it makes things easier, it's OK for us if Octopus Deploy automatically enables SNI for all the HTTPS bindings, we don't need a setting for it.
For anyone still looking for a solution on this, at the time of writing, Octopus now offers this exact feature on the "Deploy an IIS Website" step template. Right in the bindings section, you can create HTTPS 443 bindings where you can specify a cert and check the "require SNI" option, to automatically deploy certs for each virtual host.
This isn't currently possible to do with the built-in IIS configuration feature; instead, you could use a custom PowerShell script (PostDeploy.ps1 in your package, for example) to make the appropriate changes. I've logged a work item here to add it when we next revisit IIS configuration:
https://github.com/OctopusDeploy/Issues/issues/430
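A sketch of the custom PostDeploy.ps1 approach mentioned above (an added example, not code from Octopus Deploy or from either answer). `$OctopusParameters` is the variable dictionary Octopus exposes to PowerShell scripts; the three variable names read from it are hypothetical and must be defined in your project.

```powershell
# PostDeploy.ps1 (added example): make the site's HTTPS binding an SNI binding.
# The Octopus variable names below are hypothetical.
Import-Module WebAdministration

$siteName   = $OctopusParameters['IisSiteName']
$hostName   = $OctopusParameters['IisHostName']
$thumbprint = $OctopusParameters['IisCertThumbprint']
$port       = 443

# SNI selects the certificate by host name, so a host header is mandatory.
if ([string]::IsNullOrWhiteSpace($hostName)) {
    throw 'An SNI binding needs a host name.'
}

# The certificate must already be installed in LocalMachine\My with its key.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key on this machine."
}

$existing = Get-WebBinding -Name $siteName -Protocol https `
                -Port $port -HostHeader $hostName
if ($existing) {
    # sslFlags is a bit field; bit 0 (value 1) means "require SNI".
    $sniOn = ($existing.sslFlags -band 1) -eq 1
    if ($sniOn -and $existing.certificateHash -eq $cert.Thumbprint) {
        Write-Host "SNI already enabled for ${hostName}:$port with this certificate."
        return
    }
    # Drop the old certificate mapping and binding before recreating them.
    if ($existing.certificateHash) { $existing.RemoveSslCertificate() }
    Remove-WebBinding -Name $siteName -Protocol https `
        -Port $port -HostHeader $hostName
}

# -SslFlags 1 creates the binding with "Require Server Name Indication" set.
New-WebBinding -Name $siteName -Protocol https -Port $port `
    -IPAddress '*' -HostHeader $hostName -SslFlags 1
(Get-WebBinding -Name $siteName -Protocol https -Port $port -HostHeader $hostName).
    AddSslCertificate($cert.Thumbprint, 'My')

Write-Host "SNI binding created for ${hostName}:$port on site '$siteName'."
```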

IT-Hit WebDav Server and client certificate?

Does anyone know if the IT-Hit WebDav Server (http://www.webdavsystem.com/server) can accept and check client certificates? Perhaps it is something that IIS does for the product when deployed in an IIS?
IT Hit WebDAV Server is based on IIS or HttpListener (two different implementations).
IIS supports client certificates; this means WebDAV Server based on IIS will work fine. All you need to do is set up your IIS.
As I see from this question HttpListener supports client certificates too. If you are missing something to make it work (can not reach some property for example), please contact me.

Is there something similar to named pipe transport for wcf in IIS6?

I have a web service that will only be called from the same box. In IIS 7 I have used named pipe endpoints for security and speed. The project I am working on now has the same requirements but will be on Server 2003 IIS 6. What are my options to restrict access to only the local machine? Thanks!
IIS6 only supports http and wshttp protocols. You could run your WCF in a Windows Service and control everything as you do now (however that may be). There are tons of ways to secure it as well.
Self Signed certificates between the two (popular over the internet)
Windows Authentication and control list (easy on same network/domain)
UserName Password (also easy).
But if you have it working now, I would attempt to rehost into a Windows Service, which should not take away your current functionality.
You should know, by the way, that if you use named pipes over a network, it is actually just remoting via TCP.

Hosting a WCF Service Application on IIS 7 where I already have a WebSite

Can somebody help me.
I just developed a WCF Service Application on my pc, and everything works fine when I run it on localhost!
But now I want to host this project on my IIS7 where I already have a website. I would like to host my WCF in this website, because I would like to use the same hostname and IP address. Is this possible? I don't know if I can add an application in the website or something like that.
If this is possible, how can I do this?
Please Help me.
Yes, you can host your application in your IIS website, even if it has a website installed on it. You need to create a new application in that website.
First of all, you need to make sure your service has a .svc file that points to the location of the service. Copy the contents of your App.Config (service config file) to a new web.config (in the same physical directory as your App.config), remove the <host><baseAddresses> section in the newly created web.config, and point the physical path of the application to the location of this service on your computer. Once that's taken care of, just be sure to edit the default website bindings to enable the specific bindings your service uses. For example, if your service has netTcpBinding, then go to: Website -> 'Edit Bindings...' -> 'Add...', then choose the applicable protocol and assign it the ports. Then on your application go to 'Advanced Settings' and enable the respective protocol; for example, your netTcpBinding service will typically have http,net.tcp as its enabled protocols. And you're set. If you run into teething errors, make sure the default app pool (or whichever application pool your website is using) has the required permissions to access and read the physical directory on your computer in which the service resides.

How do I host a wcf service on the internet?

This is probably a basic networking issue, but I am new to this stuff and just do not know the answer.
I have written a wcf service and client. I can use one of the http bindings and get the service to work correctly when I put my machine's network IP address as the endpoint address and run the client and server from the same machine. Now, I want to be able to connect to this service from a different machine over the internet. Clearly it does not work when I use my network IP address in this scenario, but simply putting in my router's broadband IP address does not seem to be doing the trick, either. Am I just missing a firewall port that I need to open up, or am I trying to do something that should not be possible?
If you want users from the internet to be able to connect to your service, you'll have to consider a few points:
binding: the lowest common denominator is the basicHttpBinding which is SOAP 1.1 with basically no additional features available - just like ASMX webservices. Just about anyone can connect to that. For more advanced clients, you might also want to expose a wsHttpBinding endpoint on your service
security: how (if at all) do you want to secure access to your web service? Do you have username/password credentials that callers must supply? Check out the WCF Security Guidance for a whole slew of information bits on the various security scenarios
authenticating your service: typically, you should strive to make your service authenticate itself to the rest of the world - this requires a server certificate and enables secured communication (messages signed + encrypted) on the wire
make sure your service endpoint(s) is reachable from the internet, through all firewalls and proxies and everything :-)
Hope that helps a bit!
You need to set up port forwarding on your router. Perhaps someone on ServerFault or SuperUser would be able to help you. Or even a google search now that you know what it's called. The instructions will be different depending on the router. The port you need to forward will be the port you've picked in the WCF config file.
I host WCF services through IIS, but it took me ages to work out how. At the moment I put the files on the webserver and enable websharing on the root folder. Then you can assign them to an appropriate Application Pool in IIS, and add a service reference to any client projects using the URL of the wsdl.
I'm not sure if this is the best way to do it, but it's the only way I've worked out so far.
Here's the simple solution.
I am assuming that you have made a working WCF application and hosted over the IIS.
The next thing to do is to browse the application from the IIS. It will give you url in the address bar something like:
http://localhost/myservice/service.svc
Next go to www.whatismyip.com. This will give you your system's WAN IP (say, 45.34.56.200).
Replace the URL you got in step 2 with: http://45.34.56.200/myservice/service.svc
Now you can use this URL anywhere in this world to consume your service.
I found a good article and it is working fine for me. The main steps are as follows:
1- First, you should create the WCF service.
2- Add an application in IIS, give an alias for your virtual directory, and set the path from your local drive.
3- Make sure your default app pool is set to .NET CLR V4.0.
4- Test that your WCF service is running successfully on localhost.
5- To access the same via LAN (Local Area Network), you must disable the firewall for your private network.
6- Try to use ngrok.com; you will get a temporary URL to use via the internet to access your localhost from anywhere.
Then everything will be fine.
For more information, check the following link:
https://www.codeproject.com/Tips/813650/Host-WCF-on-LocalHost-and-access-via-Internet