Introduction
This article is useful for developers who are interested in implementing WCF webservice using transport layer security and SSL configured on IIS6.0. Those who do not have a good idea about WCF can read more about it here and here.
Using the code
You can go through the web.config file in the project folders which I have uploaded.
<system.serviceModel>
<services>
<service behaviorConfiguration="returnFaults" name="TestService.Service">
<endpoint binding="wsHttpBinding" bindingConfiguration=
"TransportSecurity" contract="TestService.IService"/>
<endpoint address="mex" binding="mexHttpsBinding"
name="MetadataBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="returnFaults">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpsGetEnabled="true"/>
<serviceTimeouts/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<diagnostics>
<messageLogging logEntireMessage="true"
maxMessagesToLog="300" logMessagesAtServiceLevel="true"
logMalformedMessages="true" logMessagesAtTransportLevel="true"/>
</diagnostics>
</system.serviceModel>
//Contract Description
[ServiceContract]
interface IService
{
[OperationContract]
string TestCall();
}
//Implementation
public class Service:IService
{
public string TestCall()
{
return "You just called a WCF webservice On SSL
(Transport Layer Security)";
}
}
//Tracing and message logging
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="Information,ActivityTracing" propagateActivity="true">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="xml"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="C:\Service.svclog"
type="System.Diagnostics.XmlWriterTraceListener" name="xml"/>
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
In the above ServiceModel configuration, there are two end points:
- One with contract
TestService.IService: In this, binding is configured to have transport layer security , see inside the <bindings> tag. So SSL has to be configured on IIS.
- One with contract
IMetadataExchange: this is also configured to an HTTPS call. If you see the binding it is mexHttpsBinding, and in the service behaviors section, httpsGetEnabled is used, here I tried to even secure the metadata publishing through WSDL.
To configure this Web.config file you can use SvcConfigEditor.exe which is located in
C:\program files\microsoft sdks\windows\v6.0\bin\svcconfigeditor.exe
If you try to run the code from Visual Studio then you get an exception as shown below:
"Could not find a base address that matches scheme HTTPS for the endpoint with binding WSHttpBinding. Registered base address schemes are [HTTP]."
So first configure the website on SSL. To get an idea on how to configure SSL, you can go through this. Make sure that when you configure the SSL, the certificate CN value should be exactly the same as the URL of the website. For example, if your webservice address is http:\\www.example.com, then issue a certificate on the name : CN = http:\\www.example.com.
Don't forget to host an entry in the hosts file c:\windows\system32\drivers\etc\hosts. If you want to put this on localhost then just enter the following in the host file 127.0.0.1 www.example.com.
Configure www.example.com as the header value in the website properties on port 80. Once you are done with SSL, you will access the webservice through the web browser as https://www.example.com/service.svc. On this page you will have the HTTPS URL for WSDL .
I have even enabled tracing and message logging on the webservice. To view the service log just use svctraceviewer.exe by loading service.log file in this. See the <system.diagnostics> tag above
Note that I have not put any certificates to run this sample. So if you want to run this sample, then generate a certificate, install it on IIS as per the instructions above and run it though the browser. To get an idea how to generate self certificates for testing purposes just go through this link.
To run this project you need to have IIS 6.0 on your machine. On IIS 5.0 also you can do that, but it needs to be configured to run WCF services.
Hope this article helps you get a good idea about WCF transport layer security and SSL. If you have any question or comments please email me, I would really appreciate it. Thanks.
