Click here to Skip to main content
15,394,559 members
Articles / Web Development / ASP.NET
Posted 3 May 2007


41 bookmarked

WCF Transport Layer Security using wsHttpBinding and SSL

Rate me:
Please Sign up or sign in to vote.
2.58/5 (8 votes)
3 May 2007CPOL3 min read
WCF Webservice on IIS6.0 using SSL


This article is useful for developers who are interested in implementing WCF webservice using transport layer security and SSL configured on IIS6.0. Those who do not have a good idea about WCF can read more about it here and here.

Using the code

You can go through the web.config file in the project folders which I have uploaded.

   <service behaviorConfiguration="returnFaults" name="TestService.Service">
      <endpoint binding="wsHttpBinding" bindingConfiguration=
            "TransportSecurity" contract="TestService.IService"/>
      <endpoint address="mex" binding="mexHttpsBinding" 
            name="MetadataBinding" contract="IMetadataExchange"/>
    <behavior name="returnFaults">
     <serviceDebug includeExceptionDetailInFaults="true"/>
       <serviceMetadata httpsGetEnabled="true"/>
       <binding name="TransportSecurity">
             <security mode="Transport">
              <transport clientCredentialType="None"/>
  <messageLogging logEntireMessage="true" 
    maxMessagesToLog="300" logMessagesAtServiceLevel="true" 
    logMalformedMessages="true" logMessagesAtTransportLevel="true"/>

//Contract Description
interface IService
   string TestCall();

public class Service:IService
  public string TestCall()
      return "You just called a WCF webservice On SSL
                    (Transport Layer Security)";

//Tracing and message logging
      <source name="System.ServiceModel" 
    switchValue="Information,ActivityTracing" propagateActivity="true">
           <add name="xml"/>
        <source name="System.ServiceModel.MessageLogging">
            <add name="xml"/>
          <add initializeData="C:\Service.svclog" 
        type="System.Diagnostics.XmlWriterTraceListener" name="xml"/>
       <trace autoflush="true"/>

In the above ServiceModel configuration, there are two end points:

  1. One with contract TestService.IService: In this, binding is configured to have transport layer security , see inside the <bindings> tag. So SSL has to be configured on IIS.

  2. One with contract IMetadataExchange: this is also configured to an HTTPS call. If you see the binding it is mexHttpsBinding, and in the service behaviors section, httpsGetEnabled is used, here I tried to even secure the metadata publishing through WSDL.

To configure this Web.config file you can use SvcConfigEditor.exe which is located in
C:\program files\microsoft sdks\windows\v6.0\bin\svcconfigeditor.exe

If you try to run the code from Visual Studio then you get an exception as shown below:
"Could not find a base address that matches scheme HTTPS for the endpoint with binding WSHttpBinding. Registered base address schemes are [HTTP]."

So first configure the website on SSL. To get an idea on how to configure SSL, you can go through this. Make sure that when you configure the SSL, the certificate CN value should be exactly the same as the URL of the website. For example, if your webservice address is http:\\, then issue a certificate on the name : CN = http:\\

Don't forget to host an entry in the hosts file c:\windows\system32\drivers\etc\hosts. If you want to put this on localhost then just enter the following in the host file

Configure as the header value in the website properties on port 80. Once you are done with SSL, you will access the webservice through the web browser as On this page you will have the HTTPS URL for WSDL .

I have even enabled tracing and message logging on the webservice. To view the service log just use svctraceviewer.exe by loading service.log file in this. See the <system.diagnostics> tag above

Note that I have not put any certificates to run this sample. So if you want to run this sample, then generate a certificate, install it on IIS as per the instructions above and run it though the browser. To get an idea how to generate self certificates for testing purposes just go through this link.

To run this project you need to have IIS 6.0 on your machine. On IIS 5.0 also you can do that, but it needs to be configured to run WCF services.

Hope this article helps you get a good idea about WCF transport layer security and SSL. If you have any question or comments please email me, I would really appreciate it. Thanks.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Mohan Pindyala
Software Developer (Senior) Rovi Corporation
United States United States
Working on web services , Web services security , SAML2.0,WSE, WCF and Ajax Applications .

Comments and Discussions

GeneralMy vote of 1 Pin
Philip Murray11-Jun-14 4:12
MemberPhilip Murray11-Jun-14 4:12 
GeneralMy vote of 5 Pin
Member 82049152-Nov-11 21:11
MemberMember 82049152-Nov-11 21:11 
GeneralMy vote of 1 Pin
an_phu4-Aug-10 23:30
Memberan_phu4-Aug-10 23:30 
Generalmore detail please Pin
Steve Cav18-May-10 19:18
MemberSteve Cav18-May-10 19:18 
AnswerService does not respond Pin
BenjaminRumpf14-Dec-09 4:22
MemberBenjaminRumpf14-Dec-09 4:22 
Questionwhat about duplex channel? Pin
slava_pvf27-May-08 0:17
Memberslava_pvf27-May-08 0:17 
AnswerRe: what about duplex channel? Pin
Mohan Pindyala27-May-08 16:34
MemberMohan Pindyala27-May-08 16:34 
GeneralHttps Exception Pin
Miss C24-Sep-07 13:44
MemberMiss C24-Sep-07 13:44 
GeneralRe: Https Exception Pin
Mohan Pindyala24-Sep-07 19:11
MemberMohan Pindyala24-Sep-07 19:11 
GeneralAwesome article! Pin
zdex15-Aug-07 8:26
Memberzdex15-Aug-07 8:26 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.