I can't seem to get message encryption working for wsHTTPBinding.
My setup is:
I believe SSL is working as expected because when I try to access the web service using http I get an error. "The page you are trying to access is secured with Secure Sockets Layer (SSL)." If I use https to access the webservice I get the standard service page offering up the metadata link.
The cert name pc548.fuzzywig.com is made up, but the cert I actually have in there appears to be working.
Web Config
<?xml version="1.0"?>
<!-- Service-host web.config for the WCF DOLService: trace/message logging, one wsHttpBinding endpoint over HTTPS, and the service credentials. -->
<configuration>
<system.diagnostics>
<!-- Routes System.ServiceModel.MessageLogging traces to the shared XmlWriterTraceListener declared below. -->
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Warning,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<!-- Complete SOAP messages (bodies included, see messageLogging below) are written to this .svclog; treat the file as sensitive. -->
<add initializeData="c:\github\idjcwebservices\dolwebservicehost\web_messages.svclog"
type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="false" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1"/>
</system.web>
<system.serviceModel>
<diagnostics>
<!-- logEntireMessage="true" captures message bodies, and logMessagesAtTransportLevel="true" captures them as handed to the HTTP transport, i.e. before TLS protects the wire.
A readable body in this log therefore does not by itself show that the connection is unencrypted. -->
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_DOLService">
<!-- TransportWithMessageCredential: confidentiality and integrity come from TLS; the certificate in <message> only authenticates the client.
SOAP bodies are not encrypted at the message layer in this mode; that requires mode="Message". -->
<security mode="TransportWithMessageCredential">
<!-- NOTE(review): the client App.config below uses transport clientCredentialType="None"; confirm the two sides are meant to differ. -->
<transport clientCredentialType="Certificate" ></transport>
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceCredentialBehavior">
<!-- Metadata is published over both plain HTTP and HTTPS. -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- Returns exception details (stack traces) to callers inside SOAP faults; helpful while debugging, an information leak once deployed. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Service certificate, looked up by subject name in the LocalMachine\My store. -->
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName"/>
<!-- Default client certificate. No <authentication> element is configured here, so WCF's default client-certificate validation mode (ChainTrust) applies. -->
<clientCertificate>
<certificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="pc548.fuzzywig.com"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="JuvenileDataShare.DOLService.DOLService" behaviorConfiguration="serviceCredentialBehavior">
<!-- Application endpoint, HTTPS only, bound to the binding configured above. -->
<endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_DOLService"
contract="JuvenileDataShare.DOLService.IDOLService">
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" findValue="pc548.fuzzywig.com" x509FindType="FindBySubjectName" />
</identity>
</endpoint>
<!-- Metadata exchange endpoint on mexHttpBinding (plain HTTP); the answer on this page proposes mexHttpsBinding because the site requires SSL. -->
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.-->
<!-- Currently enabled; per the note above this should be false outside debugging. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
App.Config
<?xml version="1.0" encoding="utf-8" ?>
<!-- Client App.config: calls the DOLService over HTTPS with wsHttpBinding, presenting a certificate as the message-layer credential. -->
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IDOLService">
<!-- Mirrors the service binding: TLS supplies confidentiality and integrity; the certificate in <message> authenticates this client.
No SOAP-level encryption is applied in this mode. -->
<security mode="TransportWithMessageCredential">
<!-- NOTE(review): the service web.config sets transport clientCredentialType="Certificate" on its side; confirm the mismatch is intended. -->
<transport clientCredentialType="None" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://pc548.fuzzywig.com/DOLWebservice/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDOLService" behaviorConfiguration="endpointCredentialBehavior"
contract="ServiceReference1.IDOLService" name="WSHttpBinding_IDOLService">
<identity>
<!-- Expected service identity, pinned as the base64-encoded service certificate; the service must present this exact certificate. -->
<certificate encodedValue="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" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointCredentialBehavior">
<clientCredentials>
<!-- Client certificate loaded from the LocalMachine\My store by subject name; the calling process needs read access to its private key.
The subject name is the same one the service uses for its own certificate, so both roles share one cert in this setup. -->
<clientCertificate findValue="pc548.fuzzywig.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Finally, the log showing me that the message is not encrypted.
<!-- Response as captured by transport-level message logging (before TLS is applied). The o:Security header carries only a Timestamp: no EncryptedData and no Signature element, which is what TransportWithMessageCredential produces since TLS, not WS-Security, encrypts the exchange. -->
<MessageLogTraceRecord>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IDOLService/HelloWorld2Response</a:Action>
<a:RelatesTo>urn:uuid:ede09c2c-b46f-4277-970a-c41b556ce3d9</a:RelatesTo>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-12-12T15:54:47.304Z</u:Created>
<u:Expires>2014-12-12T15:59:47.304Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<!-- Body is plaintext in the log; at this logging point that is expected for the configured security mode. -->
<s:Body>
<HelloWorld2Response xmlns="http://tempuri.org/">
<HelloWorld2Result>Hello World2 @ 12/12/2014 8:54:47 AM</HelloWorld2Result>
</HelloWorld2Response>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
Change the mexHttpBinding to mexHttpsBinding, then update the metadata through "Update Service Reference". Check it again after making these changes. Hope this helps.