Reputation: 2646
I have a WCF service where some commands can run insecurely via HTTP, but as soon as payment is done, I need to switch to TLS 1.2.
I see there is no way to get this working, except to add a reference to a second service with another binding and additionally change the namespaces.
Is there no other way where I can use the same service and just switch the binding?
I use .NET 4.6.1 in case there is a feature in newer versions...
thx!
Upvotes: 1
Views: 194
Reputation: 9733
You can define the host as having multiple bindings and endpoints, and the client too. Something like this in pseudocode; you have to fill in your own settings.

    <bindings>
      <netTcpBinding>
        <binding name="notsecure">
          <security mode="None" />
        </binding>
        <binding name="secure">
          <security mode="Transport" /> <!-- desired security settings -->
        </binding>
      </netTcpBinding>
    </bindings>
    <services>
      <service name="yyy">
        <!-- endpoints that use different bindings need distinct addresses;
             the relative addresses here are placeholders -->
        <endpoint address="insecure" binding="netTcpBinding" bindingConfiguration="notsecure"
                  name="insecureEnd" contract="IContract" />
        <endpoint address="secure" binding="netTcpBinding" bindingConfiguration="secure"
                  name="secureEnd" contract="IContract" />
        <host>
          <baseAddresses>
            <add baseAddress="xxx" />
          </baseAddresses>
        </host>
      </service>
    </services>

Then configure your client with the same multiple bindings and multiple endpoints.
And in code, select the correct endpoint by name:

    // the constructor argument is the endpoint name from the client config
    Client secure = new Client("secureEnd");
    secure.Call();
    Client notsecure = new Client("insecureEnd");

You can use the PrincipalPermission attribute to let certain functions only be called when they are authenticated with a specific certificate.
From MSDN:
https://msdn.microsoft.com/en-us/library/ms731200(v=vs.110).aspx

    // Name is the certificate subject name followed by its thumbprint
    [PrincipalPermission(SecurityAction.Demand, Name = "CN=ReplaceWithSubjectName; 123456712345677E8E230FDE624F841B1CE9D41E")]
    public double Multiply(double a, double b)
    {
        return a * b;
    }

Upvotes: 2
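
An added example, not part of the answer above: when both endpoints expose the same `IContract`, every operation is also reachable over the unsecured endpoint. This self-hosted sketch splits the operations into two contracts so that payment calls are only exposed on the Transport-secured endpoint. The names `ICatalog`, `IPayment`, `ShopService` and the address are hypothetical, and it assumes .NET Framework on Windows with default Windows credentials for the secured binding.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface ICatalog   // hypothetical: operations that may run unsecured
{
    [OperationContract] string GetPrice(string item);
}

[ServiceContract]
public interface IPayment   // hypothetical: operations that require transport security
{
    [OperationContract] string Pay(string item, decimal amount);
}

public class ShopService : ICatalog, IPayment
{
    public string GetPrice(string item) { return item + ": 9.99"; }
    public string Pay(string item, decimal amount) { return "paid " + amount + " for " + item; }
}

public static class Program
{
    static T Connect<T>(SecurityMode mode, string address)
    {
        return new ChannelFactory<T>(new NetTcpBinding(mode), new EndpointAddress(address)).CreateChannel();
    }

    public static void Main()
    {
        const string baseAddress = "net.tcp://localhost:9000/shop";   // constructed address
        using (var host = new ServiceHost(typeof(ShopService), new Uri(baseAddress)))
        {
            // Each endpoint gets its own address, binding and contract.
            host.AddServiceEndpoint(typeof(ICatalog), new NetTcpBinding(SecurityMode.None), "open");
            host.AddServiceEndpoint(typeof(IPayment), new NetTcpBinding(SecurityMode.Transport), "secure");
            host.Open();

            var catalog = Connect<ICatalog>(SecurityMode.None, baseAddress + "/open");
            Console.WriteLine(catalog.GetPrice("book"));
            ((IClientChannel)catalog).Close();

            var payment = Connect<IPayment>(SecurityMode.Transport, baseAddress + "/secure");
            Console.WriteLine(payment.Pay("book", 9.99m));
            ((IClientChannel)payment).Close();

            // The payment contract is not exposed on the unsecured endpoint, so this call is rejected.
            var downgraded = Connect<IPayment>(SecurityMode.None, baseAddress + "/open");
            try { downgraded.Pay("book", 9.99m); }
            catch (CommunicationException ex) { Console.WriteLine("rejected: " + ex.GetType().Name); }
            finally { ((IClientChannel)downgraded).Abort(); }
        }
    }
}
```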