Jaiesh_bhai

Reputation: 1814

How to secure webHttpBinding?

In my WCF service I am trying to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using wsHttpBinding with a security mode of Transport. Why is webHttpBinding not able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?

Essentially what is the difference between webHttpBinding and wsHttpBinding?

<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>

  <endpointBehaviors>
    <behavior name="EndpBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>
</behaviors>

<services>
  <service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService">

    <endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" />

    <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />   
  </service>
</services>

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Upvotes: 9

Views: 22459

Answers (2)

phil v

Reputation: 191

The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html is this:

<bindings>
  <webHttpBinding>
    <binding>
      <security mode="Transport" />
    </binding>
  </webHttpBinding>
</bindings> 

but also remove exposing metadata if desired.

The details are documented in MSDN here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx

The relevant parts are:

Transport Security is provided using HTTPS. The service needs to be configured with SSL certificates. The message is entirely secured using HTTPS and the service is authenticated by the client using the service’s SSL certificate. The client authentication is controlled through the ClientCredentialType attribute of the transport of webHttpBinding.

Upvotes: 12
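
A small offline check for the mismatch in the question, added here as an example (it is not code from either answer or from WCF): a `bindingConfiguration` name is looked up only under the element that matches the endpoint's own binding type, so a webHttpBinding endpoint cannot pick up a configuration defined under wsHttpBinding. The function name `audit_endpoints` and the trimmed sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's configuration trimmed to the relevant parts.
# The named binding sits under <wsHttpBinding>; the endpoint uses webHttpBinding.
QUESTION_CONFIG = """
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="TransportSecurity">
        <security mode="Transport"><transport clientCredentialType="None" /></security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="DataService4.DataService">
      <endpoint address="" binding="webHttpBinding" contract="DataService4.IService"
                bindingConfiguration="TransportSecurity" />
    </service>
  </services>
</system.serviceModel>
"""

# Same configuration with the binding moved under <webHttpBinding>.
FIXED_CONFIG = QUESTION_CONFIG.replace("wsHttpBinding>", "webHttpBinding>")


def audit_endpoints(config_xml):
    """Return (contract, problem) for each webHttpBinding endpoint without Transport security."""
    root = ET.fromstring(config_xml)
    findings = []
    for ep in root.iter("endpoint"):
        if ep.get("binding") != "webHttpBinding":
            continue  # other binding types are outside this check
        name = ep.get("bindingConfiguration", "")
        # Names are looked up only under <bindings>/<webHttpBinding>; an unnamed
        # <binding> there acts as the default for endpoints that name none.
        match = [b for b in root.findall("bindings/webHttpBinding/binding")
                 if b.get("name", "") == name]
        if name and not match:
            findings.append((ep.get("contract"), f"no webHttpBinding binding named '{name}'"))
            continue
        sec = match[0].find("security") if match else None
        mode = sec.get("mode") if sec is not None else None
        if mode != "Transport":
            findings.append((ep.get("contract"), f"security mode is {mode or 'None (default)'}"))
    return findings


if __name__ == "__main__":
    print(audit_endpoints(QUESTION_CONFIG), audit_endpoints(FIXED_CONFIG))
```

The unnamed `<binding>` from the answer above passes the same check, because an endpoint that gives no `bindingConfiguration` uses it as the default for webHttpBinding.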

Ercan

Reputation: 246

I think this article will solve your problem. Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL

Upvotes: 12
