Marcus

Reputation: 9479

Forcing WCF to use HTTPS

How do I ensure my WCF service is over HTTPS and all communication is over HTTPS?

There's nothing in my web.config file of the service that says http://... or https://....

HTTPS is set up in IIS and I can access the web service via http and https.

Or is this not required if it's encrypted anyway with message level security?

<bindings>
  <wsHttpBinding>
    <binding name="Binding1" maxReceivedMessageSize="20000000">
      <security mode="Message">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Upvotes: 2

Views: 6717

Answers (2)

Paul Turner

Reputation: 39685

HTTPS is HTTP over Transport-Layer Security (TLS). To enable it, you need to configure your binding to use transport security in addition to the existing message-level security:

<bindings>
  <wsHttpBinding>
    <binding name="Binding1" maxReceivedMessageSize="20000000">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Upvotes: 2

Vano Maisuradze

Reputation: 5909

Here is the config for HTTPS:

<services>
  <service name="WcfTransport.Service1" behaviorConfiguration="MyHttpsBehaviour">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurityBinding" contract="WcfTransport.IService1"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service>
</services>

<behaviors>
  <serviceBehaviors >
    <behavior name="MyHttpsBehaviour" >
      <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurityBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows"></transport>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Note that httpsGetEnabled is set to true and httpGetEnabled is set to false. You can also remove the mex endpoint if you don't need metadata exchange.

P.S. Message security is for message encryption, but of course, you can use message security with HTTPS.

Upvotes: 2
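
An added example, not part of either answer: a Python check over a web.config that flags the settings the answers above change (a binding security mode other than Transport or TransportWithMessageCredential, a mexHttpBinding metadata endpoint, and httpGetEnabled="true"). The sample config, the service name Demo.Service1 and the audit function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TLS_MODES = {"Transport", "TransportWithMessageCredential"}
# Mode WCF applies when a binding has no <security mode="..."> of its own.
DEFAULT_MODE = {"wsHttpBinding": "Message", "basicHttpBinding": "None"}

# Constructed sample: the question's binding, wired to a hypothetical service.
SAMPLE = """<configuration><system.serviceModel>
  <services><service name="Demo.Service1" behaviorConfiguration="B">
    <endpoint address="" binding="wsHttpBinding"
              bindingConfiguration="Binding1" contract="Demo.IService1"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
  </service></services>
  <behaviors><serviceBehaviors><behavior name="B">
    <serviceMetadata httpGetEnabled="true"/>
  </behavior></serviceBehaviors></behaviors>
  <bindings><wsHttpBinding><binding name="Binding1">
    <security mode="Message"><message clientCredentialType="UserName"/></security>
  </binding></wsHttpBinding></bindings>
</system.serviceModel></configuration>"""

def audit(config_xml):
    """Return findings for settings that leave a WCF service reachable over HTTP."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"), None)
    if sm is None:
        return []
    findings, modes = [], {}
    # Index every named binding configuration by (binding type, name).
    for group in sm.findall("bindings/*"):
        for b in group.findall("binding"):
            sec = b.find("security")
            mode = sec.get("mode") if sec is not None else None
            modes[(group.tag, b.get("name"))] = mode or DEFAULT_MODE.get(group.tag, "unknown")
    for svc in sm.findall("services/service"):
        for ep in svc.findall("endpoint"):
            binding, cfg = ep.get("binding", ""), ep.get("bindingConfiguration")
            if binding == "mexHttpBinding":
                findings.append(f"{svc.get('name')}: mex endpoint uses mexHttpBinding")
            elif not binding.startswith("mex"):
                mode = modes.get((binding, cfg), DEFAULT_MODE.get(binding, "unknown"))
                if mode not in TLS_MODES:
                    findings.append(f"{svc.get('name')}: {binding} security mode is {mode}")
    for meta in sm.iter("serviceMetadata"):
        if meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append("serviceMetadata: httpGetEnabled is true")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
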
