Click here to Skip to main content
13,258,763 members (49,602 online)
Click here to Skip to main content
Add your own
alternative version

Stats

21.9K views
21 bookmarked
Posted 4 Dec 2013

How to host a WCF service without IIS in a development and production environment

, 5 Dec 2013
Rate this:
Please Sign up or sign in to vote.
Two solutions to host a self-hosted WCF Service

Introduction  

This topic will demonstrate how to build and deploy a self-hosted WCF Service.<o:p />

We will use two ways to solve the WCF Service hosting problem without IIS; Windows Service or Console Application.<o:p /> 

Using Windows Service, you will get the advantage to let the OS controls the Service lifetime. Moreover, it will provide the administrators with an easier way to manage the settings in a production environment.<o:p />

Using a Console Application, you will get the advantage to manage the service lifetime by yourself.<o:p />

For both, deploy a self-hosted WCF service is easier than an IIS-hosted WCF Service.<o:p /> 

Background 

The fundamental difference between deploying a WCF Service in an IIS environment or in a different one is the WCF authentication.<o:p />

As you probably know, by default, all the web applications and services run on the IIS user.<o:p />

In a self-hosted environment it’s obviously not the case. In a general Window application (Console, Window Service or GUI), the port listening will be refused if the application runs under an account with administrator privileges.<o:p /> 

Running WCF Service anyway<o:p /> 

If you still want to run an application which is listening on HTTP port, you will probably get the following error message.<o:p /> 

Note: If Visual Studio has been run as Administrator, the following message won’t appear. 

Register URL 

In a production environment, the Console application or Window Service should never be run as Administrator.<o:p />

In order to register the WCF URL, you just have to open the terminal as Administrator and run the following command:<o:p />

For a Console application:<o:p />

netsh http add urlacl url=https://+:8000/ user=domain\username<o:p />

For a Window service:<o:p />

netsh http add urlacl url=http://+:8000/ sddl=D:(A;;GA;;;NS)<o:p />

Note: The value for parameter user cannot be a group<o:p />

In that case, we use the secured HTTP protocol. At this step, the WCF service should work using the basic HTTP protocol. The second step will secure the connection using valid certificate.<o:p /> 

Generate a certificate<o:p /> 

In order to work on HTTPS protocol, a valid certificate has to be generated. For this tutorial we will create a self-signed certificate. <o:p />

It would be probably better to use a single signed certificate in a production environment. The single signed certificates are provided by a “Certified Authority”. Those authorities validate the existence of the referred business and the ownership of the domain. One of the most famous “Certificate Authority” is Versign.<o:p />

Note: If your certificate is self-signed and you try to call your WCF service through a web browser, you will be probably informed that the connection is untrusted.<o:p />

By opening the Developer command prompt for Visual Studio as Administrator and typing the following commands, you self-signed certificate will be generated :<o:p />

makecert -r -pe -sr LocalMachine -ss My -n CN=myComputerName -sky exchange<o:p />

The parameter CN should match with the name of your computer.<o:p /> 

Check generated certificate<o:p /> 

You can find the generated certificate by launching mmc.exe and selecting “File-> Add/Remove Snap-in”. Let’s find your certificate at “Certificate -> Computer account -> Local computer”. 

Get the thumbprint<o:p /> 

Your certificate contains important fields that provide the port with a way to “trust” it. Basically, you need to find the “Thumbprint” at the end of details tab.<o:p />

The “Thumbprint” is a hash value of 40 hexadecimal characters computed over the certificate including all its fields. It’s a unique value worldwide for a given certificate. The “Thumbprint” is also known as the “Fingerprint” of the certificate.<o:p /> 

Getting trusted 

Finally, the port needs to be linked to the certificate in order to trust it. First of all, generate a UUID by typing the following command in Developer command prompt:<o:p />

uuidgen<o:p />

Note: That command only generate a unique UUID.<o:p />

In this case, the result was: c901f928-02ae-4b67-bba6-2824c3c7099c<o:p />

Next, link the HTTP port to this UUID running the following command:<o:p />

netsh http add sslcert ipport=0.0.0.0:8000 certhash=‎‎45ace21524f027b1929115c0918130c868e3202c appid={c901f928-02ae-4b67-bba6-2824c3c7099c }<o:p /> 

Note: If you use HTTPS the security mode MUST be defined in code with the following lines: 

webHttpBinding.Security.Mode = WebHttpSecurityMode.Transport; 

That’s it! The WCF Service is now working and accessible with a self-signed certificate.<o:p /> 

Resume 

A brief resume regarding the commands you’ll need to launch in several cases:

HTTP 

  • Console application
    •  netsh http add urlacl url=https://+:8000/ user=domain\username<o:p /> 
  • Window Service
    •  netsh http add urlacl url=http://+:8000/ sddl=D:(A;;GA;;;NS)
 HTTPS  

  • Console application
    • netsh http add urlacl url=https://+:8000/ user=domain\username 
    • makecert -r -pe -sr LocalMachine -ss My -n CN=myComputerName -sky exchange
    • netsh http add sslcert ipport=0.0.0.0:8000 certhash=‎‎45ace21524f027b1929115c0918130c868e3202c appid={ c901f928-02ae-4b67-bba6-2824c3c7099c }
    • Define “webHttpBinding.Security.Mode” 
  • Window Service 
    • netsh http add urlacl url=http://+:8000/ sddl=D:(A;;GA;;;NS)
    • makecert -r -pe -sr LocalMachine -ss My -n CN=myComputerName -sky exchange
    • netsh http add sslcert ipport=0.0.0.0:8000 certhash=‎‎45ace21524f027b1929115c0918130c868e3202c appid={ c901f928-02ae-4b67-bba6-2824c3c7099c} 
    • Define “webHttpBinding.Security.Mode” 

References 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Infoteam SA
Switzerland Switzerland
No Biography provided
Group type: Organisation

1 members


You may also be interested in...

Pro
Pro

Comments and Discussions

 
QuestionHave a question. Pin
Tony49669-Dec-14 7:08
memberTony49669-Dec-14 7:08 
GeneralMy vote of 5 Pin
Jonathan Gilgen5-Dec-13 3:43
memberJonathan Gilgen5-Dec-13 3:43 
GeneralThanks Pin
Jonathan Gilgen5-Dec-13 3:33
memberJonathan Gilgen5-Dec-13 3:33 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.171114.1 | Last Updated 5 Dec 2013
Article Copyright 2013 by Infoteam SA
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid