WCF Security

1. Add foolowing tag to web.config

 <bindings >
      <webHttpBinding >
        <binding name="TransportSecurity">
          <security mode ="Transport">
            <transport clientCredentialType ="None"/>
          </security> </binding>
      </webHttpBinding>
    </bindings>

2. Tie up the binding and specify HTTPS configuration

We need now tie up the bindings with the end points. So use the ‘bindingConfiguration’ tag to specify the binding name. We also need to specify the address where the service is hosted. Please note the HTTS in the address tag.

Change ‘mexHttpBinding’ to ‘mexHttpsBinding’ in the second end point.

<service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="https://localhost/WCFWSHttps/Service1.svc" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>

In the ‘serviceMetadata’ we also need to change ‘httpGetEnabled’ to ‘httpsGetEnabled’.

<serviceBehaviors>
........
.........
<serviceMetadata httpsGetEnabled="true"/>
.........
.........
</serviceBehaviors>

3.

Make the web application HTTPS enabled

 

So click on the server certificate tab and you will then be walked through an IIS certificate wizard. Click ‘Assign a existing certificate’ from the wizard

You can see a list of certificates. The  certificate is the one which we just created using ‘makecert.exe’.

Suppress the HTTPS errors

using System.Net.Security;
using System.Security.Cryptography.X509Certificates;