This is the seventh post in the WCF 4.5 series. In previous posts, we’ve examined two new security features of WCF 4.5 and IIS – multiple client credentials support, and default HTTPS endpoint support, both new features are IIS-specific (or to be more exact, web hosting specific). In this post, we will look into a new security configuration option in WCF 4.5 – the
- What’s new in WCF 4.5? Let’s start with WCF configuration
- What’s new in WCF 4.5? A single WSDL file
- What’s new in WCF 4.5? Configuration tooltips and intellisense in config files
- What’s new in WCF 4.5? Configuration validations
- What’s new in WCF 4.5? Multiple authentication support on a single endpoint in IIS
- What’s new in WCF 4.5? Automatic HTTPS endpoint for IIS
Transport security is supported in WCF since day 1, and you can configure it by setting the security mode of your binding:
Declaring transport security based endpoints is quite an easy task in WCF, but does require writing some binding configuration in the config file. WCF 4.5 helps reduce the amount of configuration by adding a new type of binding – basicHttpsBinding.
basicHttpsBinding is similar to
basicHttpBinding, only it has the following defaults:
- Security mode = Transport
- Client credential type = None
Setting up an endpoint with a
basicHttps binding is quite simple:
<add baseAddress =
<add baseAddress =
<endpoint address="" binding="basicHttpBinding" contract="WcfServiceLibrary1.IService1"/>
<endpoint address="" binding="basicHttpsBinding" contract="WcfServiceLibrary1.IService1"/>
If you want to change the default client credential type for the secured endpoints, you will need to create a binding configuration for the secured endpoint:
Note: Since this is a secured binding, the security mode can be either
TransportCredentialOnly is not supported for this type of binding.
Stay tuned for more posts about the new features of WCF 4.5. You can also follow me on Twitter (@IdoFlatow) to get updates as soon as new posts are published.
The RTM of .NET 4.5 is still to come, and I assume many of you are still adjusting to WCF 4. If you want to learn more about the new features of WCF 4, come to my session at Visual Studio Live! 2011 in Redmond (October 17-21).
Also, if you are an MCT and reside in the US, come hear my session about WCF 4 at the MCT 2011 North-America Summit that will be held in San-Francisco (October 19-21).
Web developer since 1997. I'm a senior architect at Sela Group in Israel. I'm a consultant, trainer (Microsoft MCT), and a speaker in conferences worldwide.
My main fields are WCF, ASP.NET, Windows Azure, IIS, Entity Framework, and Silverlight.