webHttpBinding WCF service responds over HTTP but not HTTPS

Question

I am developing a WCF restfull service on my machine and when I hit the HTTP service endpoint the service responded as expected. However, when I hit the HTTPS endpoint I get a 404 Not Found back.

The Https call does not fire the CustomAuthorizationManager that has been implemented as the serviceAuthorizationManagerType

Any idea why this is not working? Why is it allowing HTTP traffic when the base address is HTTPS?

HTTP response

HTTPS response

Web.config

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="TransportCredentialOnly">
            <!--Basic authentication is NOT supported when running webHttpBinding through IIS
            see - http://blogs.msdn.com/b/phenning/archive/2008/01/11/custom-usernamepassword-validators-in-net-framework-3-5.aspx
            and a resolution - http://allen-conway-dotnet.blogspot.co.uk/2012/07/using-basic-authentication-in-rest.html-->
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="restfulBehavior" name="Chubb.SurveyRecommendations.Service.SurveyRecommendationsService">
        <!--webHttpBinding allows exposing service methods in a RESTful manner-->
        <endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpTransportSecurity" behaviorConfiguration="webHttpBehavior" contract="Chubb.SurveyRecommendations.Service.ISurveyRecommendations"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:44300/"/>
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="restfulBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceAuthorization serviceAuthorizationManagerType="Chubb.SurveyRecommendations.Service.Security.CustomAuthorizationManager, Chubb.SurveyRecommendations.Service"/>
        </behavior>
      </serviceBehaviors>
      <!--Required default endpoint behavior when using webHttpBinding-->
      <endpointBehaviors>
        <behavior name="webHttpBehavior">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>

Contract

    [OperationContract]
    [WebGet(UriTemplate = "Echo/{value}", BodyStyle = WebMessageBodyStyle.Bare, RequestFormat = WebMessageFormat.Xml, ResponseFormat = WebMessageFormat.Xml)]
    string Echo(string value);

Service

public class SurveyRecommendationsService : ISurveyRecommendations
{
    public string Echo(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            return string.Empty;

        return value;
    }
}

Answer 1

OK, the problem was with the binding.

security mode="TransportCredentialOnly" was specified which does not provide full transport (HTTPS) secuirty.

I changed the value back to security mode="Transport" and it worked as anticipated.

Details can be found in this MSDN article

None - Indicates no security is used with HTTP requests.

Transport - Indicates that transport-level security is used with HTTP requests.

TransportCredentialOnly - Indicates that only HTTP-based client authentication is provided.