How to get wcf communiction ONLY over Https
Question
I want to have a WCF service with all requests being autenticated, authorised and send only over the https. I generated a certificate for SLL. For development I'm using ISS Express. Also in web.config I turn any http option to false. But still in generated WSDL and when I'm using WCFStorm for checking the service methods it still uses http://localhost:1947 instead of https://localhost:44300 I declared. What I need to change to be sure that all communication will go over the https? Here is my web.config file:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="secureBinding">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="AF.Services.AFService" behaviorConfiguration="AFServiceBehavior">
<endpoint address="AFService.svc"
binding="wsHttpBinding"
contract="AF.Common.Services.IAFService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AFServiceBehavior">
<serviceCredentials>
<serviceCertificate findValue="AFCert"
x509FindType="FindBySubjectName" storeLocation="LocalMachine"
storeName="My" />
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="AF.Services.UserValidator, AF.Services" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
<!-- TODO zmienić przed deployem!!-->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
The web page describing how to use the service is accesible only through the 44300 https port.
1 answers
solution1
1 ACCPTED 2013-12-16 00:57:10
Taking a look at How to: Use Transport Security and Message Credentials in the Using Configuration section, it appears that you need the following security settings in your binding configuration:
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
So your complete binding configuration would look like this:
<wsHttpBinding>
<binding name="secureBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
Also note that you don't actually assign your defined binding to your endpoint, so currently you're getting the default values for wsHttpBinding (the default for security mode is "Message"). You can assign the binding configuration above through the bindingConfiguration attribute on the endpoint element:
<services>
<service name="AF.Services.AFService" behaviorConfiguration="AFServiceBehavior">
<endpoint address="AFService.svc"
binding="wsHttpBinding"
bindingConfiguration="secureBinding"
contract="AF.Common.Services.IAFService" />
</service>
</services>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.