
7 simple steps to enable HTTPS on WCF WsHttp bindings

, 24 May 2009 CPOL
This is an old version of the currently published article.


Introduction and Goal

Step 1:- Create a simple service using WCF project

Step 2 :- Enable transport level security in the web.config file of the service

Step 3:- Tie up the binding and specify HTTPS configuration

Step 4:- Make the web application HTTPS enabled

Step 5:- Consume the service in a web application

Step 6:- Suppress the HTTPS errors

Step 7:- Enjoy success

Source code

 

Introduction and Goal
 

WCF offers two ways to secure a service: transport level security and message level security. Transport level security is the security built in to the protocol itself. In message level security we need to encrypt the data; in other words, security is injected in the data itself.
In this article we will look at how to implement transport level security using WsHttp bindings. Transport level security needs no extra development because it relies on the protocol's inherent security model. We will implement WsHttp using HTTPS as the transport security.

I have collected around 400 FAQ questions and answers in WCF, WPF, WWF, SharePoint, design patterns, UML etc. Feel free to download these FAQ PDF’s from my site http://www.questpond.com .
 

Step 1:- Create a simple service using WCF project


The first step is to create a simple WCF project. Click on new project and select WCF service project. By default the WCF project creates a function ‘GetData()’. We will use the same function for this sample.
 

public class Service1 : IService1
{
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }

    public CompositeType GetDataUsingDataContract(CompositeType composite)
    {
        if (composite.BoolValue)
        {
            composite.StringValue += "Suffix";
        }
        return composite;
    }
}

Step 2 :- Enable transport level security in the web.config file of the service
 

The next step is to enable transport security in the WsHttp binding. This is done using the ‘security’ XML element as shown in the code snippet below.

<bindings>
    <wsHttpBinding>
        <binding name="TransportSecurity">
            <security mode="Transport">
                <transport clientCredentialType="None"/>
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

Step 3:- Tie up the binding and specify HTTPS configuration
 

We now need to tie the binding to the end points. Use the ‘bindingConfiguration’ attribute to specify the binding name. We also need to specify the address where the service is hosted. Please note the HTTPS in the address attribute.

Change ‘mexHttpBinding’ to ‘mexHttpsBinding’ in the second end point.
 

<service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
    <!-- Service Endpoints -->
    <endpoint address="https://localhost/WCFWSHttps/Service1.svc" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>

In the ‘serviceMetadata’ we also need to change ‘httpGetEnabled’ to ‘httpsGetEnabled’.
 

<serviceBehaviors>
    ........
    .........
    <serviceMetadata httpsGetEnabled="true"/>
    .........
    .........
</serviceBehaviors>

Step 4:- Make the web application HTTPS enabled
 

Now that the WCF service project is created and the necessary configuration changes are done, it’s time to compile the WCF service project and host it in an IIS application with HTTPS enabled.

We will be using ‘makecert.exe’ which is a free tool given by Microsoft to enable HTTPS for testing purpose. MakeCert (Makecert.exe) is a command-line tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.

You can get it from “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin” or from the Windows SDK.

Run the command below from a command prompt in “C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin”. Please note that “compaq-jzp37md0” is the server name, so you need to replace it with your PC name.
 

makecert -r -pe -n "CN=compaq-jzp37md0" -b 01/01/2000 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
 

If you run the same through your command prompt you should get a succeeded message as shown below.
 

Now it’s time to assign this certificate to your IIS website. Go to IIS properties, click on the directory security tab and you should see the server certificate tab.

Click on the server certificate tab and you will be walked through an IIS certificate wizard. Click ‘Assign an existing certificate’ in the wizard.

You can see a list of certificates. The “compaq-jzp37md0” certificate is the one which we just created using ‘makecert.exe’.

Now try to test the site without ‘https’ and you will get an error as shown below. That means your certificate is working.

Do not forget to enable IIS anonymous access.
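Before moving on, it is worth confirming that the makecert command produced what IIS needs. The console program below is an added example, not part of the article's source download; the class name TestCertCheck is hypothetical. It looks in the LocalMachine\My store (the -ss my -sr localMachine flags) for a certificate whose subject contains the machine name and reports whether it has a private key and the server authentication EKU passed to -eku.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: inspects the test certificate created with makecert.
// Run with rights to read the LocalMachine certificate store.
public static class TestCertCheck
{
    private const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // value given to -eku

    public static int Main(string[] args)
    {
        // Defaults to this machine's name, which the article uses as the CN.
        string subjectName = args.Length > 0 ? args[0] : Environment.MachineName;

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so that untrusted test certificates are listed too.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
            {
                Console.WriteLine("No certificate for '{0}' in LocalMachine\\My", subjectName);
                return 1;
            }
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("{0}  thumbprint={1}", cert.Subject, cert.Thumbprint);
                Console.WriteLine("  self-signed: {0}", cert.Subject == cert.Issuer);
                Console.WriteLine("  private key: {0}", cert.HasPrivateKey);
                Console.WriteLine("  valid:       {0:d} to {1:d}", cert.NotBefore, cert.NotAfter);
                Console.WriteLine("  server auth: {0}", HasServerAuthEku(cert));
            }
            return 0;
        }
        finally { store.Close(); }
    }

    // True when the certificate carries the server authentication EKU.
    private static bool HasServerAuthEku(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            X509EnhancedKeyUsageExtension eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ServerAuthOid) return true;
        }
        return false;
    }
}
```

A certificate that is listed without a private key cannot be used by IIS for HTTPS, and the printed subject shows which host name clients will have to use to avoid a name mismatch.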
 

Step 5:- Consume the service in a web application
 

It’s time to consume the service application in an ASP.NET web application. Click on add service reference and specify your service URL. You will be shown a warning box as shown in the figure below. When we used makecert.exe we did not specify the host name as the service URL. So just let it go.
 

Step 6:- Suppress the HTTPS errors
 

‘makecert.exe’ creates test certificates; in other words, they are not signed by a CA. So we need to suppress the resulting certificate errors in our ASP.NET client consumer. We have created a function called ‘IgnoreCertificateErrorHandler’ which returns true even if there are errors. This function is attached as a callback to ‘ServicePointManager.ServerCertificateValidationCallback’.

In the same code you can also see service consuming code which calls the ‘GetData’ function.
 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using WebApplicationConsumer.ServiceReference1;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace WebApplicationConsumer
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Attach the callback that suppresses certificate errors (test certificates only).
            ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(IgnoreCertificateErrorHandler);

            // Consume the service over HTTPS and call 'GetData'.
            Service1Client obj = new Service1Client();
            Response.Write(obj.GetData(12));
        }

        // Returns true even if there are certificate errors.
        public static bool IgnoreCertificateErrorHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }
    }
}
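The callback above is set on the static ServicePointManager, so it accepts any certificate for every HTTPS request the process makes, not only for this service. A narrower callback for the same test setup is sketched below as an added example; it is not part of the article's source download. The class name TestCertificatePolicy, the TestHost value and the thumbprint placeholder are assumptions to be replaced with your own values, and the code assumes the callback receives the HttpWebRequest as its sender.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace WebApplicationConsumer
{
    // Added example: accepts the makecert test certificate and nothing else.
    public static class TestCertificatePolicy
    {
        // Placeholder: thumbprint of your test certificate (hex, no spaces),
        // copied from the Details tab of the certificate.
        private const string PinnedThumbprint = "<THUMBPRINT-OF-YOUR-TEST-CERTIFICATE>";

        // Assumption: the only host allowed to present the test certificate,
        // taken from the endpoint address used in this article.
        private const string TestHost = "localhost";

        // Call once, e.g. from Page_Load, instead of attaching the ignore-all handler.
        public static void Install()
        {
            ServicePointManager.ServerCertificateValidationCallback = Validate;
        }

        public static bool Validate(object sender, X509Certificate certificate,
                                    X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // A certificate that validates normally needs no exception.
            if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            // Never accept a connection where no certificate was presented.
            if (certificate == null ||
                (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
                return false;

            // The callback is process-wide, so limit the exception to the test host.
            // Assumption: sender is the HttpWebRequest; any other sender is rejected.
            HttpWebRequest request = sender as HttpWebRequest;
            if (request == null ||
                !string.Equals(request.RequestUri.Host, TestHost, StringComparison.OrdinalIgnoreCase))
                return false;

            // Accept chain or name errors only for the exact pinned certificate.
            return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

With the placeholder left unchanged the callback rejects every certificate that fails normal validation, so a forgotten pin fails closed.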

Step 7:- Enjoy success
 

Now to the easiest step: compile your ASP.NET client and enjoy success.
 

Source code
 

We have also attached source code which has both the client and the service.
 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Shivprasad koirala
Architect http://www.questpond.com
India India

I am a Microsoft MVP for ASP/ASP.NET and currently a CEO of a small E-learning company in India. We are very much active in making training videos, writing books and corporate trainings. Do visit my site for .NET, C#, design pattern, WCF, Silverlight, LINQ, ASP.NET, ADO.NET, Sharepoint, UML, SQL Server training and Interview questions and answers


Last Updated 25 May 2009
Article Copyright 2009 by Shivprasad koirala