TCM

Reputation: 16900

Transport security in WCF

I have 2 console applications in my solution. This is my WCF service:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace TransportSecTaulty
{
    [ServiceContract]
    public interface ITestService
    {
        [OperationContract]
        void CallMe(string message);
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace TransportSecTaulty
{
    public class TestService : ITestService
    {
        public void CallMe(string message)
        {
            Console.BackgroundColor = ConsoleColor.Green;
            Console.Write(message);
            Console.BackgroundColor = ConsoleColor.Black;
        }
    }
}

This is my app.config of the application which is hosting my WCF service:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <behavior name="">
                    <serviceMetadata  httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <services>
            <service name="TransportSecTaulty.TestService">
                <endpoint address="" binding="basicHttpBinding" bindingConfiguration="serviceConfig" contract="TransportSecTaulty.ITestService">
                    <identity>
                        <dns value="localhost" />
                    </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
                <host>
                    <baseAddresses>
                        <add baseAddress="https://localhost:8734/Design_Time_Addresses/TransportSecTaulty/TestService/" />
                    </baseAddresses>
                </host>
            </service>
        </services>
      <bindings>
        <basicHttpBinding>
          <binding name="serviceConfig">
            <security mode="Transport">
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
    </system.serviceModel>
</configuration>

My service correctly starts without any problem. However, when I try to add service reference in my client I get this error:

There was an error downloading 'https://localhost:8734/Design_Time_Addresses/TransportSecTaulty/TestService/'.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved: 'https://localhost:8734/Design_Time_Addresses/TransportSecTaulty/TestService/'.
An error occurred while making the HTTP request to https://localhost:8734/Design_Time_Addresses/TransportSecTaulty/TestService/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
If the service is defined in the current solution, try building the solution and adding the service reference again.

I am unable to browse my service in a browser. However, the same thing works perfectly on http. The problem only comes in https.

Any idea what can be wrong?

Upvotes: 1

Views: 1959
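The error text in the question names one cause that can be checked directly on the host: whether a server certificate is bound to the port in HTTP.SYS. The script below is an added example, not code from the question or any of the answers; it assumes it runs on the machine hosting the service and that the certificate lives in the LocalMachine\My store, and `<THUMBPRINT>` and `<GUID>` are placeholders.

```powershell
# Added example. Base address copied from the question; run on the machine hosting the service.
$uri = [Uri]'https://localhost:8734/Design_Time_Addresses/TransportSecTaulty/TestService/'

function Get-HttpSysCertHash([string]$IpPort) {
    # A binding record contains a 40-hex-digit SHA-1 thumbprint; matching on that
    # rather than on the field label keeps the check independent of the OS language.
    $out = & netsh http show sslcert "ipport=$IpPort" 2>&1 | Out-String
    if ($out -match '(?m):\s*([0-9A-Fa-f]{40})\s*$') { return $Matches[1].ToUpperInvariant() }
    return $null
}

# Look for a binding on the IPv4 and IPv6 wildcard addresses for the service's port.
$bound = foreach ($ipPort in "0.0.0.0:$($uri.Port)", "[::]:$($uri.Port)") {
    [pscustomobject]@{ IpPort = $ipPort; Thumbprint = Get-HttpSysCertHash $ipPort }
}
$bound | Format-Table -AutoSize | Out-Host

$hash      = ($bound | Where-Object Thumbprint | Select-Object -First 1).Thumbprint
$now       = Get-Date
$store     = Get-ChildItem Cert:\LocalMachine\My   # assumption: the store the binding points at
# Rough name check on the subject CN only; certificates that carry the name
# solely in the Subject Alternative Name extension will not match it.
$cnPattern = "CN=$([regex]::Escape($uri.Host))(,|$)"

if (-not $hash) {
    Write-Warning "No certificate bound to port $($uri.Port): HTTPS requests to it cannot complete a TLS handshake."
    "Candidate certificates for '$($uri.Host)':"
    $store | Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt $now -and $_.Subject -match $cnPattern } |
        Select-Object Thumbprint, Subject, NotAfter | Out-Host
    # Binding one needs an elevated prompt; <THUMBPRINT> and <GUID> are placeholders:
    #   netsh http add sslcert ipport=0.0.0.0:8734 certhash=<THUMBPRINT> appid='{<GUID>}'
} else {
    $cert = $store | Where-Object Thumbprint -eq $hash
    if (-not $cert)                             { Write-Warning "Bound thumbprint $hash is not in LocalMachine\My." }
    elseif (-not $cert.HasPrivateKey)           { Write-Warning 'Bound certificate has no private key.' }
    elseif ($cert.NotAfter -le $now)            { Write-Warning "Bound certificate expired $($cert.NotAfter)." }
    elseif ($cert.Subject -notmatch $cnPattern) { Write-Warning "Subject '$($cert.Subject)' does not match host '$($uri.Host)'." }
    else { "Binding looks consistent: $($cert.Subject), valid until $($cert.NotAfter)." }
}
```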

Answers (3)

Anders Abel

Reputation: 69260

You are trying to protect the metadata with https, while the service itself is plain http. Is that really what you want?

MSDN has an article on securing metadata. It also secures the service itself (which is reasonable - why secure metadata and not the service?)

Upvotes: 1

Kirk Broadhurst

Reputation: 28718

You've got

<endpoint address="" 
          binding="basicHttpBinding" 
          bindingConfiguration="serviceConfig" 
          contract="TransportSecTaulty.ITestService">

but I expect you want binding="basicHttpsBinding"

Upvotes: 1

Royi Namir

Reputation: 148524

You should use WSHttpBinding...

Upvotes: -1
