Piyush

Reputation: 409

Implement transport security on my WCF service with custombinding on HTTP

I am new to WCF security. I am trying to implement transport security on my WCF service. We are using customBinding on HTTP. Can someone please suggest how we can do that?

<customBinding>
  <binding name="CustomBinding">
    <binaryMessageEncoding/>
    <httpTransport allowCookies="true" maxReceivedMessageSize="2000000000" maxBufferSize="2000000000" maxBufferPoolSize="2000000000"/>
  </binding>
</customBinding>

Upvotes: 0

Views: 1782

Answers (1)

user3112917

You're going to want to use Certificates to achieve transport-level security.


You can use this tutorial (below) on how to create "test" certs; for production I'd advise either issuing a cert using your own company's internal CA (if they have one) or using a trusted provider (Symantec, GlobalSign, etc).

http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx


You can use this tutorial (below) on how to install the certificate(s) on the box(es).

http://msdn.microsoft.com/en-us/library/bb950259(v=bts.10).aspx


As far as the service app.config -- it should be something like the below:

<system.serviceModel>
  <services>
    <service name="YourServiceNameGoesHere" behaviorConfiguration="MyCustomBehavior">
      <endpoint address="YourAddressGoesHere" binding="customBinding" contract="YourIContractNameGoesHere" bindingConfiguration="MyCustomBinding"/>
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="MyCustomBehavior">
        <serviceMetadata httpsGetEnabled="true" />
        <serviceCredentials>
          <clientCertificate>
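            <!-- certificateValidationMode="None" turns off validation of the client certificate; ChainTrust or PeerTrust validate it. -->
            <authentication certificateValidationMode="None" trustedStoreLocation="LocalMachine" />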
          </clientCertificate>
          <serviceCertificate findValue="YourCertNameGoesHere" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <bindings>
    <customBinding>
      <binding name="MyCustomBinding">
        <security authenticationMode="CertificateOverTransport" />                    
        <httpsTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>

As far as the client app.config -- it should be something like the below:

 <system.serviceModel>
    <client>
      <endpoint address="YourAddressGoesHere" binding="customBinding" bindingConfiguration="MyCustomBinding" behaviorConfiguration="MyCustomBehavior" contract="YourIContractNameGoesHere" name="YourClientNameGoesHere" />
    </client>

    <behaviors>
      <endpointBehaviors>
        <behavior name="MyCustomBehavior">
          <clientCredentials>
            <clientCertificate findValue="YourCertNameGoesHere" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <bindings>
      <customBinding>
        <binding name="MyCustomBinding">
          <!-- The security element of a customBinding takes authenticationMode; it has to match the service binding. -->
          <security authenticationMode="CertificateOverTransport" />
          <httpsTransport />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>

Upvotes: 2
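
A config check to go with the answer above, added here as an example and not part of the original post: it parses a system.serviceModel section and reports service endpoints bound to a customBinding that still uses httpTransport (the question's binding) and service behaviors that set certificateValidationMode="None" (the answer's setting). The sample config is constructed from the fragments on this page; the endpoint addresses and the rule names are made up for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's binding plus the answer's binding and
# service behavior in one file. Endpoint addresses are made up.
SAMPLE_CONFIG = """
<configuration><system.serviceModel>
 <services>
  <service name="YourServiceNameGoesHere" behaviorConfiguration="MyCustomBehavior">
   <endpoint address="http://localhost:8080/legacy" binding="customBinding"
             bindingConfiguration="CustomBinding" contract="YourIContractNameGoesHere"/>
   <endpoint address="https://localhost:8443/secure" binding="customBinding"
             bindingConfiguration="MyCustomBinding" contract="YourIContractNameGoesHere"/>
  </service>
 </services>
 <behaviors><serviceBehaviors><behavior name="MyCustomBehavior">
  <serviceCredentials><clientCertificate>
   <authentication certificateValidationMode="None"/>
  </clientCertificate></serviceCredentials>
 </behavior></serviceBehaviors></behaviors>
 <bindings><customBinding>
  <binding name="CustomBinding"><binaryMessageEncoding/><httpTransport allowCookies="true"/></binding>
  <binding name="MyCustomBinding">
   <security authenticationMode="CertificateOverTransport"/><httpsTransport/>
  </binding>
 </customBinding></bindings>
</system.serviceModel></configuration>
"""

def audit_service_model(config_xml):
    """Return sorted (rule, where) findings for a WCF config given as a string."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"), None)
    if sm is None:
        return []
    findings = []
    # Rule 1: a customBinding built on httpTransport carries messages without TLS;
    # report every service endpoint that references such a binding.
    cleartext = {b.get("name") for b in sm.findall("./bindings/customBinding/binding")
                 if b.find("httpTransport") is not None}
    for ep in sm.findall("./services/service/endpoint"):
        if ep.get("binding") == "customBinding" and ep.get("bindingConfiguration") in cleartext:
            findings.append(("cleartext-transport", ep.get("address", "")))
    # Rule 2: certificateValidationMode="None" accepts client certificates unchecked.
    for beh in sm.findall("./behaviors/serviceBehaviors/behavior"):
        auth = beh.find("./serviceCredentials/clientCertificate/authentication")
        if auth is not None and auth.get("certificateValidationMode") == "None":
            findings.append(("client-cert-not-validated", beh.get("name", "")))
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit_service_model(SAMPLE_CONFIG):
        print(rule, where)
```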
