WCF and SSL

Discussion in 'ASP.NET WebServices' started by Alan, Mar 24, 2011.

  1. Reference: Tutorial: How to host a WCF service on DASP

    Greetings Community –
    I am deploying my first WS. Following the instructions in the Tutorial link above I was quite successful in deploying the service with little change. Below is the web.Config for .NET 3.5:

    ===========================
    Code:
    <?xml version="1.0"?>
    <configuration>
    	<system.serviceModel>
    		<services>
    			<service behaviorConfiguration="ServiceBehavior" name="EvalServiceLibrary.EvalServiceImplementationOfContract">
    				<endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="" contract="EvalServiceLibrary.IEvalServiceInterfaceContract"/>
    				<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    			</service>
    		</services>
    
    <!-- this web.Config works for regular http -->
    		<serviceHostingEnvironment>
    			<baseAddressPrefixFilters>
    				<!--<add prefix="http://wagnerlab.com"/>-->
    				<add prefix="http://www.mydomain/subdir"/>
    			</baseAddressPrefixFilters>
    		</serviceHostingEnvironment>
    		<behaviors>
    			<serviceBehaviors>
    				<behavior name="ServiceBehavior">
    					<serviceMetadata httpGetEnabled="true"/>
    					<serviceDebug includeExceptionDetailInFaults="false"/>
    				</behavior>
    			</serviceBehaviors>
    		</behaviors>
    	</system.serviceModel>
    	<system.web>
    		<!--<compilation targetFramework="4.0" debug="true"/>-->
    		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
    	</system.web>
    </configuration>
    ===========================

    This config works fine :)

    Recently I installed an SSL certificate and would like to make use of it for this example. Imagine the certificate is registered for something like “safe.mydomain.com”. Following the lead of other examples I reconfigured the web.Config in the following manner:

    ===========================
    Code:
    <?xml version="1.0"?>
    <configuration>
    	<system.serviceModel>
    		<services>
    			<service behaviorConfiguration="ServiceBehavior" name="EvalServiceLibrary.EvalServiceImplementationOfContract">
    				<endpoint address="https://safe.mydomain.com/subdir/EvalServiceWebSite/EvalService.svc" 
                      binding="basicHttpBinding" 
                      bindingConfiguration="Binding" 
                      contract="EvalServiceLibrary.IEvalServiceInterfaceContract"/>
            <host>
              <baseAddresses>
                <add baseAddress="https://safe.mydomain.com/subdir/EvalServiceWebSite/EvalService.svc"/>
              </baseAddresses>
            </host>
    
            <!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>-->
    			</service>
    		</services>
        <!-- .NET 4.0 -->
        <!--<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />-->
        <!-- .NET 3.5 -->
        <serviceHostingEnvironment>
    			<baseAddressPrefixFilters>
    				<add prefix="http://www.mydomain.com"/>
    			</baseAddressPrefixFilters>
    		</serviceHostingEnvironment>
        
    		<behaviors>
    			<serviceBehaviors>
    				<behavior name="ServiceBehavior">
    					<serviceMetadata httpsGetEnabled="true"
                      httpsGetUrl="https://safe.mydomain.com/subdir/EvalServiceWebSite/EvalService.svc" />
    					<serviceDebug includeExceptionDetailInFaults="true"/>
    				</behavior>
    			</serviceBehaviors>
    		</behaviors>
    
        <bindings>
          <basicHttpBinding>
            <binding name="Binding">
              <security mode="Transport">
                <transport clientCredentialType="None"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
    
    
      </system.serviceModel>
    	<system.web>
    		<!--<compilation targetFramework="4.0" debug="true"/>-->
    		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
    	</system.web>
    </configuration>
    ===========================

    I have tried changing the value of baseAddressPrefixFilters: The whole address, the root, the SSL root, etc – generating these types of errors:

    • "This collection already contains an address with scheme http"
    • A registration already exists for URI 'https://web707.dotnetplayground.com/clients/EvalServiceWebSite/EvalService.svc'.

    I am at a loss on how to proceed.
    Little help please, Alan :confused:
     
  2. OK, I resolved the issue after some diligence:

    Ref: How to: Enable the WCF Authentication Service


    Note that I am limited to .NET 3.5 framework; Using this article as a guide I simplified my web.Config into the following:

    ===========================

    Code:
    <?xml version="1.0"?>
    <configuration>
      <system.web.extensions>
        <scripting>
          <webServices>
            <authenticationService enabled="true"
               requireSSL = "true"/>
          </webServices>
        </scripting>
      </system.web.extensions>
    
      <system.serviceModel>
    		<services>
    			<service behaviorConfiguration="ServiceBehavior" name="EvalServiceLibrary.EvalServiceImplementationOfContract">
    				<endpoint 
                      binding="basicHttpBinding" 
                      bindingConfiguration="userHttps"
                      bindingNamespace="http://www.mydomian.com/subdir/EvalServiceWebSite"
                      contract="EvalServiceLibrary.IEvalServiceInterfaceContract"/>
            <!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>-->
    			</service>
    		</services>
        <bindings>
          <basicHttpBinding>
            <binding name="userHttps">
              <security mode="Transport">
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
    
        <!-- .NET 4.0 -->
        <!--<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />-->
        <!-- .NET 3.5 -->
        <serviceHostingEnvironment>
    			<baseAddressPrefixFilters>
    				<add prefix="http://www.mydomian.com"/>
    			</baseAddressPrefixFilters>
    		</serviceHostingEnvironment>
        
    		<behaviors>
    			<serviceBehaviors>
    				<behavior name="ServiceBehavior">
    					<serviceMetadata httpGetEnabled="true" />
    					<serviceDebug includeExceptionDetailInFaults="true"/>
    				</behavior>
    			</serviceBehaviors>
    		</behaviors>
    
    
      </system.serviceModel>
    	<system.web>
    		<!--<compilation targetFramework="4.0" debug="true"/>-->
    		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
    	</system.web>
    </configuration>
    ===========================

    Now when I select http://www.mydomain.com/subdir/EvalServiceWebSite/EvalService.svc the browser automatically switches over to https://safe.mydomain.com/subdir/EvalServiceWebSite/EvalService.svc

    One other note:
    When executing the WcfTestClient.exe the client config file was corrupted – pointing to another location. This was resolved y editing the config file and redirecting it to the HTTPS address.

    Conclusion:
    Web service works via browser, as does the client. :)

    ~Alan
     

Share This Page