Amit Pal

Reputation: 11062

Not able to run WCF https web service

I have created a WCF HTTP self-hosted web service. Now I want to convert it to HTTPS, so I followed these steps:

I followed this page to create a certificate and bind it to a specific port. I created a certificate using mmc -> Console Root and followed the same steps written in the above link.

Then I ran the following command to bind the port to the certificate:

netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF} 

I changed certhash according to my certificate. I also checked the created certificate's info and got this.

I am also pasting the code written in my project to run the web service on the bound port:

try
{
    m_running = true;
    private static String m_baseAddress = "https://10.0.0.1:8083";
    WebHttpBinding _binding = new WebHttpBinding();
    _binding.Security.Mode = WebHttpSecurityMode.Transport;
    _binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    m_serviceHost = new WebServiceHost(typeof(TService), new Uri(m_serviceAddress));
    m_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "contoso.com");
    ServiceEndpoint ep = m_serviceHost.AddServiceEndpoint(typeof(TContract), _binding, "");
    m_serviceHost.Open();
}
catch (Exception e) { }

Whenever I rebuild my project and run it, it always starts for a second and then stops. I checked the log and nothing was present.

But when I remove this line

m_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName,"contoso.com");

and replace https with http, it works fine.

Upvotes: 1

Views: 1228

Answers (1)

Amit Pal

Reputation: 11062

These are the steps to create an HTTPS WCF self-hosted web service.

  • First, use netsh to add a namespace for reservation for the port: netsh http add urlacl url=https://127.0.0.1+:8085/ user=EVERYONE

  • Type the following command to create a client certificate: makecert -sk RootCA -sky signature -pe -n CN=localhost -r -sr LocalMachine -ss Root MyCA.cer

  • Now create a server certificate: makecert -sk server -sky exchange -pe -n CN=localhost -ir LocalMachine -is Root -ic MyCA.cer -sr LocalMachine -ss My MyAdHocTestCert.cer

Two new certificate files are now created in \Program Files\Microsoft SDKs\Windows\v7.0A\Bin, named MyCA.cer and MyAdHocTestCert.cer.

Open the server certificate, i.e. MyAdHocTestCert.cer, and choose the thumbprint from the Details tab.

  • Select thumbprint and remove all of the spaces from it.

  • Now bind the port with this certificate with the following command: netsh http add sslcert ipport=127.0.0.1:8085 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable

where

  • ipport : host address and port : use the same address that you chose in the first step

  • certhash : thumbprint

Now you are done with the certificate and port binding. To check everything, run netsh http show sslcert in cmd and you will get something like this:

This is just an example

Now write the following code for WSHTTPbinding:

// Transport security means the endpoint is served over HTTPS.
WebHttpBinding _binding = new WebHttpBinding();
_binding.Security.Mode = WebHttpSecurityMode.Transport;
// No client certificate is requested from callers.
_binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
m_serviceHost = new WebServiceHost(typeof(Serviceclass), new Uri("https://127.0.0.1:8085/"));
// Select the server certificate from LocalMachine\My by its thumbprint.
m_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "611fe7748c5883f8082351744604a8c917608290");
// The endpoint is added at the relative address "hello" under the base URI.
ServiceEndpoint ep = m_serviceHost.AddServiceEndpoint(typeof(InstanceClass), _binding, "hello");
m_serviceHost.Open();

Now create your consumer to use this self-hosted WS.

Upvotes: 1
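
A pre-flight check for the thumbprint and binding steps in the answer above, as an added example that is not part of the original answer: it cleans a thumbprint copied from the certificate dialog, confirms the certificate is usable from LocalMachine\My, and prints the netsh command for review. The function name ConvertTo-CertHash is hypothetical; the default ipport, appid and thumbprint are the page's sample values, with the spaced thumbprint form constructed from the one in the answer's C# code.

```powershell
# Added example: checks to run before 'netsh http add sslcert'.
# Defaults are the page's sample values; replace them with your own.
param(
    # Constructed: the answer's thumbprint as it looks when copied with spaces.
    [string]$RawThumbprint = '61 1f e7 74 8c 58 83 f8 08 23 51 74 46 04 a8 c9 17 60 82 90',
    [string]$IpPort        = '127.0.0.1:8085',
    [string]$AppId         = '{00112233-4455-6677-8899-AABBCCDDEEFF}'
)

function ConvertTo-CertHash {
    param([string]$Raw)
    # Keep hex digits only. This drops the spaces and also the invisible
    # left-to-right mark (U+200E) that can be copied along with the value.
    $hash = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($hash.Length)."
    }
    return $hash
}

$hash = ConvertTo-CertHash $RawThumbprint

# The binding and SetCertificate(StoreLocation.LocalMachine, StoreName.My, ...)
# both look in this store, and the server side needs the private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) {
    throw "No certificate with thumbprint $hash in LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $hash has no private key in this store."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $hash is outside its validity period."
}

# Print the command instead of running it, so it can be reviewed and then
# pasted into an elevated cmd prompt.
"netsh http add sslcert ipport=$IpPort certhash=$hash appid=$AppId"
```

Each failed check throws with a message, which gives a visible reason for a service that would otherwise start and stop without logging anything.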
