
Thursday, July 11, 2013

Configure an IIS-hosted WCF service with SSL

Creating a Self-Signed Certificate

Step 1: Open Internet Information Services Manager (inetmgr.exe) and select your computer name in the left-hand tree view. On the right-hand side of the screen, select Server Certificates.


Step 2: In the Server Certificates window, click the Create Self-Signed Certificate… link.


Step 3: Enter a friendly name for the self-signed certificate and click OK.





The newly created self-signed certificate details are now shown in the Server Certificates window.


The generated certificate is installed in the Trusted Root Certification Authorities store.

Step 4: Expand the Sites folder and then the Default Web Site folder in the tree view on the left-hand side of the screen. Click the Bindings… link in the Actions section in the upper right-hand portion of the window.



Step 5: Configure Virtual Directory for SSL

Select the virtual directory that contains your secure WCF service, then select SSL Settings in the IIS section.


In the SSL Settings pane, select the Require SSL checkbox and click the Apply link in the Actions section on the right-hand side of the screen.



Step 6: Configure Virtual Directory for Authentication

In the SSL Settings pane, select Authentication and click the Open Feature link.



Select Windows Authentication and select Enable.



Step 7: Configure WCF Service for HTTP Transport Security

In the WCF service’s web.config, configure the HTTP binding to use transport security as shown in the following XML.

    <bindings>
      <basicHttpBinding>
        <binding name="ssl">
          <security mode="Transport">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

Specify your service and service endpoint as shown in the following XML.

    <services>
      <service name="WCFWithSSL.Service1">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost/SSL"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="ssl" contract="WCFWithSSL.IService1"/>
      </service>
    </services>

The following is a complete example of a web.config file for a WCF service using HTTP transport security:

    <?xml version="1.0"?>
    <configuration>

      <system.web>
        <compilation debug="true" targetFramework="4.0" />
      </system.web>
      <system.serviceModel>
        <services>
          <service name="WCFWithSSL.Service1">
            <host>
              <baseAddresses>
                <add baseAddress="https://localhost/SSL"/>
              </baseAddresses>
            </host>
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="ssl" contract="WCFWithSSL.IService1"/>
          </service>
        </services>
        <bindings>
          <basicHttpBinding>
            <binding name="ssl">
              <security mode="Transport">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceMetadata httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>

    </configuration>
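As an added example (not part of the original post), this Python script audits a web.config for the settings Step 7 depends on: every basicHttpBinding endpoint must resolve to a binding with transport security, metadata must not be published over plain HTTP, and exception details must stay off. The second service (WCFWithSSL.Legacy), the ILegacy contract and the function name audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's "ssl" binding and Service1 endpoint, plus a
# hypothetical second service whose endpoint omits bindingConfiguration="ssl".
SAMPLE = """<configuration><system.serviceModel>
  <services>
    <service name="WCFWithSSL.Service1">
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="ssl" contract="WCFWithSSL.IService1"/>
    </service>
    <service name="WCFWithSSL.Legacy">
      <endpoint address="" binding="basicHttpBinding" contract="WCFWithSSL.ILegacy"/>
    </service>
  </services>
  <bindings><basicHttpBinding>
    <binding name="ssl">
      <security mode="Transport"><transport clientCredentialType="Windows"/></security>
    </binding>
  </basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior>
    <serviceMetadata httpsGetEnabled="true"/>
    <serviceDebug includeExceptionDetailInFaults="false"/>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def audit(config_xml):
    """Return findings for basicHttpBinding endpoints and service behaviors."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    findings = []
    for service in model.iterfind("services/service"):
        for ep in service.iterfind("endpoint[@binding='basicHttpBinding']"):
            wanted = ep.get("bindingConfiguration", "")
            # With no bindingConfiguration the endpoint uses the unnamed <binding> if
            # present, else the defaults; basicHttpBinding defaults to mode None.
            # A name that resolves to nothing is reported the same way.
            sec = next((b.find("security")
                        for b in model.iterfind("bindings/basicHttpBinding/binding")
                        if b.get("name", "") == wanted), None)
            mode = sec.get("mode", "None") if sec is not None else "None"
            if mode not in ("Transport", "TransportWithMessageCredential"):
                findings.append(f"{service.get('name')}: security mode {mode}, no TLS")
    for b in model.iterfind("behaviors/serviceBehaviors/behavior"):
        meta, dbg = b.find("serviceMetadata"), b.find("serviceDebug")
        if meta is not None and meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append("behavior: metadata published over plain HTTP")
        if dbg is not None and dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append("behavior: exception details returned to clients")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

The page's own configuration produces no findings; only the constructed Legacy endpoint is reported, because it never references the "ssl" binding.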

Step 8: Browse your application over SSL
